Bug #213
closed
Invalid/Improperly escaped CARP password breaks CARP Interface creation.
100%
Description
Relayed from Gary on IRC, a support customer had a complex CARP VHID password which contained some special characters.
Due to this, it failed to bring up their CARP VIPs. The interface existed, but had no IP address.
The password was:
<password>21/K},vDX]$'=8gKOzNbzc?</password>
In the code, it looks like the password has spaces removed and is double quoted ("") so it may be choking on the $ in the password.
Most likely, the password just needs to be escaped better, or the offending characters flagged as invalid input.
Files
Updated by Jim Pingle over 14 years ago
- Subject changed from Invalid/Improperly escaped CARP password breaks to Invalid/Improperly escaped CARP password breaks CARP Interface creation.
Updated by Jim Pingle over 14 years ago
- Affected Version changed from 1.2.3 to All
Judging by a quick look at the code, this appears to be an issue on 2.0 as well but I haven't tried it in a test environment yet.
Updated by Seth Mos over 14 years ago
Seth suggests using base64_encode on that field, which means any value is safe to store.
Possible issue being, how much does the command line accept and would it still be there. Alternatively use the base64encoded string as the password? No idea what the limitations here are on length either.
Updated by Jim Pingle over 14 years ago
Most likely it will just take addslashes() on the password and quoting with '' instead of "" on the shell exec to fix.
Updated by
Updated by Jim Pingle over 14 years ago
I finally had a chance to attempt replication of this issue and so far I am unable to do so. I tried on 1.2.2-RELEASE, 1.2.3-RELEASE, and 2.0, each time the CARP interface IP came up with that password.
I don't have a cluster handy to test with, but I wonder if maybe it isn't making it from Primary to Secondary hosts via XMLRPC sync, or perhaps there is something else going on with the support customer's box. Without more detail, we may just need to close this ticket.
Updated by Jim Pingle over 14 years ago
- File carpvippassfix.diff carpvippassfix.diff added
Ok, the password above was not the offending password. The password that had issues contained a double quote (")
The password is this:
[Ki|CRP<"+oaDtWsiK<v!e<
Encoded in the config like so:
<password>[Ki|CRP<"+oaDtWsiK<v!e<</password>
I have replicated this now and have a patch, which is attached. I patched it against 1.2.x for use by the customer, I'll work out a similar fix for 2.0
Updated by Anonymous over 14 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Applied in changeset 942fdd555964d4854e38f8508ffe6acc190b94f4.