Bug #2829

faxweb: unable to authenticate if password contains $

Added by Filippo Carletti about 7 years ago. Updated almost 7 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-faxweb2
Target version:v6.5
Security class: Resolution:
Affected version:v6.5-final NEEDINFO:No

Description

If the user password contains $ login fails.
In /var/www/html/faxweb/login.php $password should be protected against var expansion:

system("/var/www/html/faxweb/auth.pl '$username' '$password'", $ret);

Associated revisions

Revision 82128d13
Added by Giacomo Sanchietti almost 7 years ago

Login: handle special chars. Refs #2829

Revision dd344b4f
Added by Davide Principi almost 7 years ago

faxweb/login.php: shell-escape user supplied credentials. Refs #2829

History

#2 Updated by Davide Principi almost 7 years ago

  • Target version set to v6.5

#3 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#4 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30
  • Affected version changed from v6.5 to v6.5-final

#5 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#6 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-faxweb2-1.0.5-4.0gitf9b6be17.ns6.noarch.rpm
Test case
  • Enable the admin user and set a password containing the "$" character
  • Try to authenticate with the user password

#7 Updated by Davide Principi almost 7 years ago

  • Status changed from ON_QA to TRIAGED
  • % Done changed from 70 to 20

The test case is OK but the implemented solution does not escape single quote character '.

#8 Updated by Davide Principi almost 7 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

#9 Updated by Davide Principi almost 7 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Test case

  • Repeat original test case
  • Check also for passwords containing single quote '

#10 Updated by Davide Principi almost 7 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing
nethserver-faxweb2-1.0.5-4.0gitdd344b4f.ns6.noarch.rpm
nethserver-faxweb2-1.0.5-5.0git19543d67.ns6.noarch.rpm

#11 Updated by Giacomo Sanchietti almost 7 years ago

  • Assignee set to Giacomo Sanchietti

#12 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

The bug is fixed.

#13 Updated by Davide Principi almost 7 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates:
nethserver-faxweb2-1.1.0-1.ns6.noarch.rpm

Also available in: Atom PDF