Bug #213

closed

Invalid/Improperly escaped CARP password breaks CARP Interface creation.

Added by Jim Pingle about 15 years ago. Updated about 15 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: CARP
Target version: -
Start date: 12/08/2009
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:

Description

Relayed from Gary on IRC, a support customer had a complex CARP VHID password which contained some special characters.

Due to this, it failed to bring up their CARP VIPs. The interface existed, but had no IP address.

The password was:

<password>21/K},vDX]$'=8gKOzNbzc?</password>

In the code, it looks like the password has spaces removed and is double quoted ("") so it may be choking on the $ in the password.

Most likely, the password just needs to be escaped better, or the offending characters flagged as invalid input.


Files

carpvippassfix.diff (1014 Bytes) Jim Pingle, 12/10/2009 03:05 PM
Actions #1

Updated by Jim Pingle about 15 years ago

  • Subject changed from Invalid/Improperly escaped CARP password breaks to Invalid/Improperly escaped CARP password breaks CARP Interface creation.
Actions #2

Updated by Jim Pingle about 15 years ago

  • Affected Version changed from 1.2.3 to All

Judging by a quick look at the code, this appears to be an issue on 2.0 as well but I haven't tried it in a test environment yet.

Actions #3

Updated by Seth Mos about 15 years ago

Seth suggests using base64_encode on that field, which means any value is safe to store.

Possible issue being, how much does the command line accept and would it still be there. Alternatively use the base64encoded string as the password? No idea what the limitations here are on length either.

Actions #4

Updated by Jim Pingle about 15 years ago

Most likely it will just take addslashes() on the password and quoting with '' instead of "" on the shell exec to fix.

Actions #5

Updated by Scott Ullrich about 15 years ago

escapeshellarg()

Actions #6

Updated by Jim Pingle about 15 years ago

I finally had a chance to attempt replication of this issue and so far I am unable to do so. I tried on 1.2.2-RELEASE, 1.2.3-RELEASE, and 2.0, each time the CARP interface IP came up with that password.

I don't have a cluster handy to test with, but I wonder if maybe it isn't making it from Primary to Secondary hosts via XMLRPC sync, or perhaps there is something else going on with the support customer's box. Without more detail, we may just need to close this ticket.

Actions #7

Updated by Jim Pingle about 15 years ago

Ok, the password above was not the offending password. The password that had issues contained a double quote (").

The password is this:

[Ki|CRP<"+oaDtWsiK<v!e<

Encoded in the config like so:

<password>[Ki|CRP&lt;&quot;+oaDtWsiK&lt;v!e&lt;</password> 

I have replicated this now and have a patch, which is attached. I patched it against 1.2.x for use by the customer; I'll work out a similar fix for 2.0.

Actions #8

Updated by Anonymous about 15 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
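
The three quoting approaches raised in this ticket (double quotes, `addslashes()` with single quotes from note #4, `escapeshellarg()` from note #5), as an added example that is not pfSense code and not the attached patch: it runs both passwords quoted above through each approach and reports whether the shell hands the value back unchanged. It assumes PHP 8 on a POSIX system; `printf '%s'` stands in for the real interface command, and the helper names are hypothetical.

```php
<?php
// Added example; not pfSense code. Assumes PHP 8 CLI on a POSIX system,
// where shell_exec() hands the string to /bin/sh -c.

// The two passwords quoted in this ticket.
$passwords = [
    'first report'   => '21/K},vDX]$\'=8gKOzNbzc?',
    'actual culprit' => '[Ki|CRP<"+oaDtWsiK<v!e<',
];

// Hypothetical helpers, one per quoting approach raised in the ticket.
$approaches = [
    'double quotes'              => fn(string $pw): string => '"' . $pw . '"',
    "addslashes + '' (note #4)"  => fn(string $pw): string => "'" . addslashes($pw) . "'",
    'escapeshellarg() (note #5)' => fn(string $pw): string => escapeshellarg($pw),
];

// Stand-in for the real command: printf echoes back the one argument the
// shell parsed, so it can be compared byte for byte with the original.
function received_by_command(string $quotedArg): ?string
{
    $out = shell_exec("printf '%s' " . $quotedArg);
    return is_string($out) ? $out : null; // null: nothing came back
}

// Classify the round trip: rejected by the shell, altered, or intact.
function verdict(string $pw, ?string $got): string
{
    if ($got === null) {
        return 'nothing came back (shell error)';
    }
    return $got === $pw ? 'intact' : 'altered: ' . $got;
}

foreach ($passwords as $label => $pw) {
    foreach ($approaches as $name => $quote) {
        $got = received_by_command($quote($pw));
        printf("%-15s | %-27s | %s\n", $label, $name, verdict($pw, $got));
    }
}
```

On POSIX systems `escapeshellarg()` wraps the value in single quotes and rewrites each embedded single quote as `'\''`, so no character in the password is left for the shell to interpret.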