The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tomasz Wolniewicz <twoln AT umk.pl>]

Thank you,
    some special characters can indeed be a problem, thank you for 
spotting this.
The only other installer where we ask for the user's password is Windows 
but there we base64 encode it to avoid such problems. In Linux single 
quotes can of course be a problem, but possibly backslashes can too, to 
we need to do some more testing.

Yours
Tomasz



W dniu 25.11.2014, 22:06, Brian Epstein pisze:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> We were having an issue with one particular user and the CAT installer
> for Linux.  We suspect that they may have a single quote in their
> password.
>
> Our testing showed that passwords with single quotes would break the
> installer.  I wrote a quick patch that modifies the PASSWORD variable
> just before it is used for the inline python script in the
> run_python_script function.
>
> It basically replaces any single quotes with an escaped single quote
> which Python accepts.
>
> PASSWORD=$( echo "$PASSWORD" | sed "s/'/\\\'/g" )
>
> I've tested this and it seems to work fine.
>
> I'm attaching the patch in case it helps you.  Obviously, everyone's
> installer will apply the patch on a different line due to certificate
> size and customization, but you get the general idea of where it goes.
>
> Any idea if this affects other OS/installers?
>
> Thanks,
> ep
>
> - -- 
> Brian Epstein <bepstein AT ias.edu>                     +1 609-734-8179
> Manager, Network and Security           Institute for Advanced Study
> Key fingerprint = 128A 38F4 4CFA 5EDB 99CE  4734 6117 4C25 0371 C12A
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iEYEARECAAYFAlR072YACgkQYRdMJQNxwSpaJwCdHuqbWUdcG00uZO24JbJ1BfOB
> v+AAnRDpeLUoig2Rl2Ev1KiEkr75emRa
> =o1Z5
> -----END PGP SIGNATURE-----