Bug 769388 - pki-silent does not properly escape command-line arguments
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pki-core
Version: 6.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Matthew Harmsen
QA Contact: IDM QE LIST
Depends On: 741180
Blocks: 530474
Reported: 2011-12-20 17:14 UTC by Dmitri Pal
Modified: 2012-06-20 12:07 UTC (History)

Fixed In Version: pki-core-9.0.3-23.el6
Doc Type: Bug Fix
Clone Of: 741180
Last Closed: 2012-06-20 12:07:55 UTC


Attachments
Resolves pki-silent does not properly escape command-line arguments (1.05 KB, patch)
2012-03-06 04:14 UTC, Matthew Harmsen
Applies fix for pki-silent does not properly escape command-line arguments (3.39 KB, patch)
2012-03-06 04:15 UTC, Matthew Harmsen
pkisilent script which uses a password argument with quotes and slashes (3.50 KB, text/plain)
2012-04-05 15:02 UTC, Kashyap Chamarthy


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0761 normal SHIPPED_LIVE pki-core bug fix update 2012-06-19 19:30:44 UTC

Comment 2 Matthew Harmsen 2012-03-06 04:14:23 UTC
Created attachment 567818
Resolves pki-silent does not properly escape command-line arguments

Comment 3 Matthew Harmsen 2012-03-06 04:15:22 UTC
Created attachment 567819
Applies fix for pki-silent does not properly escape command-line arguments

Comment 4 Matthew Harmsen 2012-03-06 04:16:17 UTC
As this patch was previously reviewed for Dogtag 9 and Dogtag 10, the patches for RHEL 6 will not be reviewed a second time.

Comment 5 Matthew Harmsen 2012-03-06 04:20:49 UTC
# git am 0027-BZ-769388-pki-silent-does-not-properly-escape-command-line-arguments.patch
Applying: BZ 769388 - pki-silent does not properly escape command-line arguments

# git log -1
commit c4720b69e365a09fd2aaed4bfe0a342d8cadb9a7
Author: Matthew Harmsen <mharmsen@redhat.com>
Date:   Mon Mar 5 19:17:28 2012 -0800

    BZ 769388 - pki-silent does not properly escape command-line arguments

# git push
Counting objects: 13, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (7/7), 665 bytes, done.
Total 7 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/pki.git
   f70660c..c4720b6  IPA_v2_RHEL_6_ERRATA_BRANCH -> IPA_v2_RHEL_6_ERRATA_BRANCH

# git am 0001-Apply-pki-silent-escape-command-line-arguments.patch
Applying: Apply pki-silent escape command-line arguments
/home/mharmsen/DOGTAG/pkigit.ipa2/.git/rebase-apply/patch:30: trailing whitespace.
 
/home/mharmsen/DOGTAG/pkigit.ipa2/.git/rebase-apply/patch:38: trailing whitespace.
 
/home/mharmsen/DOGTAG/pkigit.ipa2/.git/rebase-apply/patch:40: trailing whitespace.
-- 
/home/mharmsen/DOGTAG/pkigit.ipa2/.git/rebase-apply/patch:42: new blank line at EOF.
+
warning: 4 lines add whitespace errors.

# git log -1
commit b39189d44da957b924d598712c5eb2f4ed167bd7
Author: Matthew Harmsen <mharmsen@redhat.com>
Date:   Mon Mar 5 20:09:20 2012 -0800

    Apply pki-silent escape command-line arguments
    
    BZ 769388 - pki-silent does not properly escape command-line arguments

# git push
Counting objects: 12, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (7/7), 1.34 KiB, done.
Total 7 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/pki.git
   c4720b6..b39189d  IPA_v2_RHEL_6_ERRATA_BRANCH -> IPA_v2_RHEL_6_ERRATA_BRANCH

Comment 7 Kashyap Chamarthy 2012-04-05 15:02:05 UTC
Created attachment 575470
pkisilent script which uses a password argument with quotes and slashes

Comment 8 Kashyap Chamarthy 2012-04-05 15:14:39 UTC
VERIFIED.

================
[root@tiger bz-verif-769388]# cat /etc/redhat-release ; arch
Red Hat Enterprise Linux Server release 6.3 Beta (Santiago)
x86_64
[root@tiger bz-verif-769388]#
================

I used a password like this '\(pas\&w\`rd\)' for pki_silent_security_database successfully.

Refer to comment #7 for test script.

Version: pki-silent-9.0.3-24.el6.noarch

Comment 10 errata-xmlrpc 2012-06-20 12:07:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0761.html

