search

RestComm / Restcomm-Connect

The Open Source Cloud Communications Platform
http://www.restcomm.com/
GNU Affero General Public License v3.0
242 stars 215 forks source link

Prevent special characters in SSL configuration Password #2539

Open croufay opened 6 years ago

croufay commented 6 years ago

Prevent special characters in SSL configuration Password,

This is linked to https://github.com/RestComm/mediaserver/issues/431

This is linked to this issues and after discussing with henrique, we decided to perform a check before updating the run.sh of the mediaserver, the mediaserver.conf file and the standalone-sip.xml file for SSL password

croufay commented 6 years ago

@leftyb pointed out another important point about password in SSL, that is, CA often provide you with a pwd that might contain special characters. This means that checking only for alphanumeric character will not work.

This is a list of accepted special characters in passwords : https://kb.wisc.edu/page.php?id=4073

Special Characters in xml file that impacts standalone-sip.xml file The code needs to check the password and if the end file is an xml file, it needs to escape the character as follows: There are only five: " " ' ' < <

> & &

The solution will escape the password with xml escape special character if you have to update an xml filel and another escape solution for non xml file especially in bash shell file