Date: Tue, 23 Aug 2005 14:47:21 +1000 (EST) From: Maurice Castro <maurice@sphinx.clari.net.au> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/85240: Ampersand problem in pwman Message-ID: <200508230447.j7N4lL9T000464@sphinx.clari.net.au> Resent-Message-ID: <200508230450.j7N4oTlm074751@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 85240 >Category: ports >Synopsis: Ampersand problem in pwman >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Aug 23 04:50:29 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Maurice Castro >Release: FreeBSD 5.4-RELEASE i386 >Organization: >Environment: System: FreeBSD sphinx.clari.net.au 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Mon Aug 15 14:39:49 EST 2005 maurice@sphinx.clari.net.au:/work/src/sys/i386/compile/sphinx i386 >Description: pwman does not handle & correctly within passwords. After quitting the program the ampersands are removed. An unofficial patch is available from sourceforge >How-To-Repeat: >Fix: Download http://sourceforge.net/tracker/download.php?group_id=50130&atid=458675&file_id=124842&aid=1159935 and save as files/patch-aa add 'src/' to the front of the filenames to allow it to automatically patch --- src/pwlist.c.old 2005-03-09 16:07:07.000000000 +0000 +++ src/pwlist.c 2005-03-09 16:06:37.000000000 +0000 @@ -272,13 +272,32 @@ write_password_node(xmlNodePtr root, Pw* pw) { xmlNodePtr node; + xmlChar *escaped; + + // Take the inbound strings. Treat as an xmlChar, and escape + // Need to free the result of escape every time node = xmlNewChild(root, NULL, (xmlChar*)"PwItem", NULL); - xmlNewChild(node, NULL, (xmlChar*)"name", (xmlChar*)pw->name); - xmlNewChild(node, NULL, (xmlChar*)"host", (xmlChar*)pw->host); - xmlNewChild(node, NULL, (xmlChar*)"user", (xmlChar*)pw->user); - xmlNewChild(node, NULL, (xmlChar*)"passwd", (xmlChar*)pw->passwd); - xmlNewChild(node, NULL, (xmlChar*)"launch", (xmlChar*)pw->launch); + + escaped = xmlEncodeSpecialChars(root, (xmlChar*)pw->name); + xmlNewChild(node, NULL, (xmlChar*)"name", escaped); + xmlFree(escaped); + + escaped = xmlEncodeSpecialChars(root, (xmlChar*)pw->host); + xmlNewChild(node, NULL, (xmlChar*)"host", escaped); + xmlFree(escaped); + + escaped = xmlEncodeSpecialChars(root, (xmlChar*)pw->user); + xmlNewChild(node, NULL, (xmlChar*)"user", escaped); + xmlFree(escaped); + + escaped = xmlEncodeSpecialChars(root, (xmlChar*)pw->passwd); + xmlNewChild(node, NULL, (xmlChar*)"passwd", escaped); + xmlFree(escaped); + + escaped = xmlEncodeSpecialChars(root, (xmlChar*)pw->launch); + xmlNewChild(node, NULL, (xmlChar*)"launch", escaped); + xmlFree(escaped); } int >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200508230447.j7N4lL9T000464>