Bug 980859 - can't handle passwords with &
can't handle passwords with &
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: crypto-utils (Show other bugs)
19
All Linux
unspecified Severity medium
: ---
: ---
Assigned To: Joe Orton
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-03 07:26 EDT by Anthony Green
Modified: 2014-02-13 18:29 EST (History)
3 users (show)

See Also:
Fixed In Version: crypto-utils-2.4.1-47.fc20
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-02-13 18:29:17 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Anthony Green 2013-07-03 07:26:06 EDT
Description of problem:

genkey does not escape password characters when it calls keyutil.  For instance, if I create a key with password "ABC&DEF", I'll get the following:

# genkey cloud.atgreen.org
/usr/bin/keyutil -c makecert -g 2048 -s "CN=box.example.com, O=My Home Data Center, L=Toronto, ST=Ontario, C=CA" -v 1 -a -z /etc/pki/tls/.rand.4698 -e ABC&DEF -o /etc/pki/tls/certs/cloud.atgreen.org.crt -k /etc/pki/tls/private/cloud.atgreen.org.key
sh: DEF: command not found

genkey should have escaped the & when creating that keyutil command option.

Version-Release number of selected component (if applicable):
crypto-utils-2.4.1-39.fc19.x86_64

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Ryan Foster 2013-08-23 17:03:27 EDT
Version-Release number of selected component (if applicable):
crypto-utils-2.4.1-24.2.el6.x86_64

I had a similar problem on RHEL 6.4 x86_64 where a passphrase with spaces would be accepted by genkey, but then cause failure where the same passphrase could not be used to decrypt the key.  Running genkey with "genkey --test" or directly calling /usr/bin/keyutil does not provide an error message when providing a passphrase containing spaces.  Running genkey without the "--test" flag does provide an error message, but about certificate creation failure, not about the passphrase.  It seems that genkey passes the passphrase to /usr/bin/keyutil unquoted.  Surrounding the passphrase in quotes in the call to /usr/bin/keyutil seems to solve the problem.


Fails:
/usr/bin/keyutil -c genreq -g 512 -s "CN=test, OU=testou, O=testo, L=testl, ST=testst, C=US" -v 24 -a -o /etc/pki/tls/certs/two.words.0.csr -k /etc/pki/tls/private/two.words.key -e two words

Works:
/usr/bin/keyutil -c genreq -g 512 -s "CN=test, OU=testou, O=testo, L=testl, ST=testst, C=US" -v 24 -a -o /etc/pki/tls/certs/two.words.0.csr -k /etc/pki/tls/private/two.words.key -e "two words"


I have a more detailed write-up of tests if it is needed.  If necessary, I can also file this as a separate bug, but it seemed that the original description here about non-escaped passphrase characters and the problem I encountered were similar enough to merit mentioning here first.
Comment 4 Fedora Update System 2014-01-27 10:02:33 EST
crypto-utils-2.4.1-48.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/FEDORA-2014-1362/crypto-utils-2.4.1-48.fc20
Comment 5 Fedora Update System 2014-01-27 10:02:52 EST
crypto-utils-2.4.1-48.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/crypto-utils-2.4.1-48.fc19
Comment 6 Fedora Update System 2014-02-04 22:38:02 EST
crypto-utils-2.4.1-48.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2014-02-04 22:40:25 EST
crypto-utils-2.4.1-48.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Joe Orton 2014-02-13 18:29:17 EST
Fixed in updates.

Note You need to log in before you can comment on or make changes to this bug.