Bug #213
closed
Invalid/Improperly escaped CARP password breaks CARP Interface creation.
Added by Jim Pingle almost 15 years ago.
Updated almost 15 years ago.
Description
Relayed from Gary on IRC: a support customer had a complex CARP VHID password that contained some special characters.
Due to this, it failed to bring up their CARP VIPs. The interface existed, but had no IP address.
The password was:
<password>21/K},vDX]$'=8gKOzNbzc?</password>
In the code, it looks like the password has spaces removed and is double quoted ("") so it may be choking on the $ in the password.
Most likely, the password just needs to be escaped better, or the offending characters flagged as invalid input.
- Subject changed from Invalid/Improperly escaped CARP password breaks to Invalid/Improperly escaped CARP password breaks CARP Interface creation.
- Affected Version changed from 1.2.3 to All
Judging by a quick look at the code, this appears to be an issue on 2.0 as well but I haven't tried it in a test environment yet.
Seth suggests using base64_encode on that field, which means any value is safe to store.
Possible issue being, how much does the command line accept and would it still be there. Alternatively use the base64encoded string as the password? No idea what the limitations here are on length either.
Most likely it will just take addslashes() on the password and quoting with '' instead of "" on the shell exec to fix.
I finally had a chance to attempt replication of this issue and so far I am unable to do so. I tried on 1.2.2-RELEASE, 1.2.3-RELEASE, and 2.0; each time the CARP interface IP came up with that password.
I don't have a cluster handy to test with, but I wonder if maybe it isn't making it from Primary to Secondary hosts via XMLRPC sync, or perhaps there is something else going on with the support customer's box. Without more detail, we may just need to close this ticket.
Ok, the password above was not the offending password. The password that had issues contained a double quote (").
The password is this:
[Ki|CRP<"+oaDtWsiK<v!e<
Encoded in the config like so:
<password>[Ki|CRP<"+oaDtWsiK<v!e<</password>
I have replicated this now and have a patch, which is attached. I patched it against 1.2.x for use by the customer; I'll work out a similar fix for 2.0.
- Status changed from New to Resolved
- % Done changed from 0 to 100
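The quoting failure discussed in this ticket, as an added shell example (not the attached patch and not pfSense code): it shows why the second password breaks a double-quoted command string while the first one survives, and that single-quote escaping passes both through unchanged. The stand-in `printf` command and the function names are assumptions; the real command line is not shown in the ticket.

```sh
#!/bin/sh
# Passwords quoted in the ticket.
PW1='21/K},vDX]$'\''=8gKOzNbzc?'
PW2='[Ki|CRP<"+oaDtWsiK<v!e<'

# Constructed stand-in for the real command (not shown in the ticket): it
# prints "pass" and then each following argument on its own line.
RECEIVER="printf '%s\n' pass"

# Pattern described in the ticket: strip spaces, wrap in double quotes.
# A $ followed by ' is not an expansion inside "...", so PW1 survives;
# the " inside PW2 ends the quoted string early and unbalances the command.
build_unsafe() {
    stripped=$(printf '%s' "$1" | tr -d ' ')
    printf '%s "%s"' "$RECEIVER" "$stripped"
}

# Wrap a value in single quotes, rewriting each embedded ' as '\''.
sq_escape() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

build_safe() {
    printf '%s %s' "$RECEIVER" "$(sq_escape "$1")"
}

# Run a command string through sh -c and print the password argument the
# stand-in received; fail if the shell rejected the command.
received() {
    out=$(sh -c "$1" 2>/dev/null) || return 1
    printf '%s\n' "$out" | sed '1d'
}

for pw in "$PW1" "$PW2"; do
    for builder in build_unsafe build_safe; do
        if got=$(received "$($builder "$pw")") && [ "$got" = "$pw" ]; then
            echo "$builder: password arrived intact"
        else
            echo "$builder: command rejected or password altered"
        fi
    done
done
```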