2008-08-08 Dan Williams <dcbw@redhat.com>

* src/nm-openvpn-service.c - (nm_openvpn_socket_data_cb): handle spaces in passwords and usernames (bgo #482139) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3917 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2025-12-25 15:20:08 +01:00 · 2008-08-08 14:00:15 +00:00 · 2008-08-08 14:00:15 +00:00 · 145ae6b04a
commit 145ae6b04a
parent 7de0089dac
2 changed files with 47 additions and 6 deletions
--- a/vpn-daemons/openvpn/ChangeLog
+++ b/vpn-daemons/openvpn/ChangeLog
@ -1,3 +1,9 @@
+2008-08-08  Dan Williams  <dcbw@redhat.com>
+
+	* src/nm-openvpn-service.c
+		- (nm_openvpn_socket_data_cb): handle spaces in passwords and usernames
+			(bgo #482139)
+
 2008-08-06  Dan Williams  <dcbw@redhat.com>

 	* src/nm-openvpn-service-openvpn-helper.c
--- a/vpn-daemons/openvpn/src/nm-openvpn-service.c
+++ b/vpn-daemons/openvpn/src/nm-openvpn-service.c
@ -166,6 +166,26 @@ nm_openvpn_disconnect_management_socket (NMOpenvpnPlugin *plugin)
 	priv->io_data = NULL;
 }

+static char *
+ovpn_quote_string (const char *unquoted)
+{
+	char *quoted = NULL, *q;
+	char *u = (char *) unquoted;
+
+	g_return_val_if_fail (unquoted != NULL, NULL);
+
+	/* FIXME: use unpaged memory */
+	quoted = q = g_malloc0 (strlen (unquoted) * 2);
+	while (*u) {
+		/* Escape certain characters */
+		if (*u == ' ' || *u == '\\' || *u == '"')
+			*q++ = '\\';
+		*q++ = *u++;
+	}
+
+	return quoted;
+}
+
 static gboolean
 nm_openvpn_socket_data_cb (GIOChannel *source, GIOCondition condition, gpointer user_data)
 {
@ -189,10 +209,19 @@ nm_openvpn_socket_data_cb (GIOChannel *source, GIOCondition condition, gpointer
 	if (sscanf (str, ">PASSWORD:Need '%a[^']'", &auth) > 0 ) {
 		if (strcmp (auth, "Auth") == 0) {
 			if (io_data->username != NULL && io_data->password != NULL) {
-				buf = g_strdup_printf ("username \"%s\" %s\n"
-								   "password \"%s\" %s\n",
-								   auth, io_data->username,
-								   auth, io_data->password);
+				char *quser, *qpass;
+
+				/* Quote strings passed back to openvpn */
+				quser = ovpn_quote_string (io_data->username);
+				qpass = ovpn_quote_string (io_data->password);
+				buf = g_strdup_printf ("username \"%s\" \"%s\"\n"
+				                       "password \"%s\" \"%s\"\n",
+				                       auth, quser,
+				                       auth, qpass);
+				memset (qpass, 0, strlen (qpass));
+				g_free (qpass);
+				g_free (quser);
+
 				/* Will always write everything in blocking channels (on success) */
 				g_io_channel_write_chars (source, buf, strlen (buf), &written, NULL);
 				g_io_channel_flush (source, NULL);
@ -200,7 +229,14 @@ nm_openvpn_socket_data_cb (GIOChannel *source, GIOCondition condition, gpointer
 			}
 		} else if (!strcmp (auth, "Private Key")) {
 			if (io_data->certpass) {
-				buf = g_strdup_printf ("password \"%s\" %s\n", auth, io_data->certpass);
+				char *qpass;
+
+				/* Quote strings passed back to openvpn */
+				qpass = ovpn_quote_string (io_data->certpass);
+				buf = g_strdup_printf ("password \"%s\" \"%s\"\n", auth, qpass);
+				memset (qpass, 0, strlen (qpass));
+				g_free (qpass);
+
 				/* Will always write everything in blocking channels (on success) */
 				g_io_channel_write_chars (source, buf, strlen (buf), &written, NULL);
 				g_io_channel_flush (source, NULL);
@ -213,7 +249,6 @@ nm_openvpn_socket_data_cb (GIOChannel *source, GIOCondition condition, gpointer
 			nm_vpn_plugin_failure (NM_VPN_PLUGIN (plugin), NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED);
 			nm_openvpn_disconnect_management_socket (plugin);
 		}
-
 	} else if (strstr (str, ">PASSWORD:Verification Failed: ") == str) {
 		nm_warning ("Password verification failed");
 		nm_vpn_plugin_failure (NM_VPN_PLUGIN (plugin), NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED);