Subject: bin/29457: pppoectl's config file does not allow number sign in passwords
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Joachim Kuebart <kuebart@mathematik.uni-ulm.de>
List: netbsd-bugs
Date: 02/19/2005 17:30:01
>Number: 29457
>Category: bin
>Synopsis: pppoectl's config file does not allow number sign in passwords
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Feb 19 17:30:01 +0000 2005
>Originator: Joachim Kuebart
>Release: NetBSD 2.0B
>Organization:
>Environment:
System: NetBSD jaja 2.0B NetBSD 2.0B (ALPHA-$Revision: 1.191 $) #5: Mon Feb 14 19:54:33 CET 2005 joki@jaja:/usr/obj/usr/src/sys/arch/alpha/compile/JAJA alpha
Architecture: alpha
Machine: alpha
pppoectl.8:
$NetBSD: pppoectl.8,v 1.23 2003/10/02 07:07:48 wiz Exp $
pppoectl.c:
$NetBSD: pppoectl.c,v 1.16 2004/09/01 19:38:09 jdolecek Exp $
>Description:
The pppoectl program has an -f switch to specify a file name in
which configuration information is kept. This file is processed
with fparseln(3) and therefore supports features supplied by this
function, viz. comments starting with `#'.
Unfortunately, this feature prevents the user from using the `#'
character as part of their authentication information.
Incidentally, one major ISP in Germany requires `#' signs in user
names.
>How-To-Repeat:
Use a "config" file with the line
myauthname=a#b
After pppoectl -f config pppoe0, pppoectl pppoe0 will show
myauthname=a
Everything after the number sign is lost (likewise for passwords).
>Fix:
To enable escaping the comment character, pass an appropriate flag
to fparseln(3). I think FPARSELN_UNESCALL is the correct flag value
to use, since every other flag value prevents certain character
sequences from being passed in.
The example above can now be entered thusly:
myauthname=a\#b
while comments are still supported.
I suggest the following fix:
Index: pppoectl.c
===================================================================
RCS file: /cvsroot/src/sbin/pppoectl/pppoectl.c,v
retrieving revision 1.16
diff -u -p -r1.16 pppoectl.c
--- pppoectl.c 1 Sep 2004 19:38:09 -0000 1.16
+++ pppoectl.c 19 Feb 2005 17:30:15 -0000
@@ -296,7 +296,8 @@ main(int argc, char **argv)
/* first load the config file, then parse command line args */
if (configname && (fp = fopen(configname, "r")))
- while ((line = fparseln(fp, NULL, NULL, NULL, 0)))
+ while ((line = fparseln(fp, NULL, NULL, NULL,
+ FPARSELN_UNESCALL)))
pppoectl_argument(line);
while (argc > 0) {
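Review bot: Passing FPARSELN_UNESCALL in the fparseln() call changes how existing config files are read, not only how `\#` is handled: a backslash in front of any character is now removed from the value, so a name or password that already contains a literal backslash has to be rewritten with `\\`. That compatibility change should be stated in the commit message and in pppoectl.8. Separately, in the unchanged context a failed fopen(configname, "r") is skipped without any diagnostic, so a mistyped file name silently leaves the credentials unset; reporting the failure would make that visible.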
Index: pppoectl.8
===================================================================
RCS file: /cvsroot/src/sbin/pppoectl/pppoectl.8,v
retrieving revision 1.23
diff -u -p -r1.23 pppoectl.8
--- pppoectl.8 2 Oct 2003 07:07:48 -0000 1.23
+++ pppoectl.8 19 Feb 2005 17:30:14 -0000
@@ -90,10 +90,12 @@ This is only available if DNS query is e
.It Fl f
parse
.Ar config-file
-ignoring lines starting with a # for
+for
.Ar parameter Ns Op \&= Ns Ar value
pairs, one per line, as if they had been specified on the command line.
This allows the password to be not passed as a command line argument.
+Unless escaped by \e, comments starting with # to the end of the current line
+are ignored.
.El
.Pp
Typically, not both the access concentrator name and the service name are
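Review bot: The added sentence "Unless escaped by \e, comments starting with # ..." documents the comment escape but not its effect on values: the escape character is stripped from the parsed line, so a literal backslash in a user name or password must be doubled. Suggest stating that explicitly and adding a one-line example, for instance that a value written as a\e#b is read as a#b. The replaced wording "ignoring lines starting with a #" was narrower than the actual behaviour, since a # anywhere on the line starts a comment, so the new "to the end of the current line" phrasing is the right direction.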