ports/85240: Ampersand problem in pwman

Tue Aug 23 04:50:30 UTC 2005

>Number:         85240
>Category:       ports
>Synopsis:       Ampersand problem in pwman
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 23 04:50:29 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Maurice Castro
>Release:        FreeBSD 5.4-RELEASE i386
>Organization:
>Environment:
System: FreeBSD sphinx.clari.net.au 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Mon Aug 15 14:39:49 EST 2005 maurice at sphinx.clari.net.au:/work/src/sys/i386/compile/sphinx i386


	
>Description:
	pwman does not handle & correctly within passwords. After quitting the
	program the ampersands are removed. An unofficial patch is available 
	from sourceforge
>How-To-Repeat:
	
>Fix:
	Download http://sourceforge.net/tracker/download.php?group_id=50130&atid=458675&file_id=124842&aid=1159935 and save as files/patch-aa add 'src/' to the
front of the filenames to allow it to automatically patch

--- src/pwlist.c.old	2005-03-09 16:07:07.000000000 +0000
+++ src/pwlist.c	2005-03-09 16:06:37.000000000 +0000
@@ -272,13 +272,32 @@
 write_password_node(xmlNodePtr root, Pw* pw)
 {
 	xmlNodePtr node;
+	xmlChar *escaped;
+
+	// Take the inbound strings. Treat as an xmlChar, and escape
+	// Need to free the result of escape every time
 
 	node = xmlNewChild(root, NULL, (xmlChar*)"PwItem", NULL);
-	xmlNewChild(node, NULL, (xmlChar*)"name", (xmlChar*)pw->name);
-	xmlNewChild(node, NULL, (xmlChar*)"host", (xmlChar*)pw->host);
-	xmlNewChild(node, NULL, (xmlChar*)"user", (xmlChar*)pw->user);
-	xmlNewChild(node, NULL, (xmlChar*)"passwd", (xmlChar*)pw->passwd);
-	xmlNewChild(node, NULL, (xmlChar*)"launch", (xmlChar*)pw->launch);
+
+	escaped = xmlEncodeSpecialChars(root, (xmlChar*)pw->name);
+	xmlNewChild(node, NULL, (xmlChar*)"name", escaped);
+	xmlFree(escaped);
+
+	escaped = xmlEncodeSpecialChars(root, (xmlChar*)pw->host);
+	xmlNewChild(node, NULL, (xmlChar*)"host", escaped);
+	xmlFree(escaped);
+
+	escaped = xmlEncodeSpecialChars(root, (xmlChar*)pw->user);
+	xmlNewChild(node, NULL, (xmlChar*)"user", escaped);
+	xmlFree(escaped);
+
+	escaped = xmlEncodeSpecialChars(root, (xmlChar*)pw->passwd);
+	xmlNewChild(node, NULL, (xmlChar*)"passwd", escaped);
+	xmlFree(escaped);
+	
+	escaped = xmlEncodeSpecialChars(root, (xmlChar*)pw->launch);
+	xmlNewChild(node, NULL, (xmlChar*)"launch", escaped);
+	xmlFree(escaped);
 }
 
 int
>Release-Note:
>Audit-Trail:
>Unformatted:

