Closed ben0x4a closed 10 years ago
Are you sure? Have you tried quotation: "password" or 'password' ?
I am sure. Adding quotes just makes things worse, the quotes get included as part of the password.
[ben@Nyx:~/projects/sendxmpp] cat ~/.sendxmpprc ben@im.office.gdi 'secret hello what' hello [ben@Nyx:~/projects/sendxmpp] echo "test message" | ./sendxmpp -v --ssl -j im.office.gdi ben@im.office.gdi Use of uninitialized value $args{"file"} in lc at /usr/share/perl5/Net/XMPP/Debug.pm line 154. syntax error in line 1 of /home/ben/.sendxmpprc
[ben@Nyx:~/projects/sendxmpp] cat ~/.sendxmpprc ben@im.office.gdi "secret hello what" hello [ben@Nyx:~/projects/sendxmpp] echo "test message" | ./sendxmpp -v --ssl -j im.office.gdi ben@im.office.gdi Use of uninitialized value $args{"file"} in lc at /usr/share/perl5/Net/XMPP/Debug.pm line 154. syntax error in line 1 of /home/ben/.sendxmpprc
[ben@Nyx:~/projects/sendxmpp] cat ~/.sendxmpprc ben@im.office.gdi "secrethello" there [ben@Nyx:~/projects/sendxmpp] echo "test message" | ./sendxmpp -v --ssl -j im.office.gdi ben@im.office.gdi Use of uninitialized value $args{"file"} in lc at /usr/share/perl5/Net/XMPP/Debug.pm line 154. sendxmpp: config: 'password' => '"secrethello"' sendxmpp: config: 'component' => 'there' sendxmpp: config: 'jserver' => 'im.office.gdi' sendxmpp: config: 'port' => '0' sendxmpp: config: 'username' => 'ben' sendxmpp: ssl_verify: 1 sendxmpp: tls_capath: Use of uninitialized value within @ in lc at /usr/share/perl5/XML/Stream/Parser.pm line 71. sendxmpp: Connect: 1 Error 'AuthSend': error: not-authorized[?] sendxmpp: Disconnect
It comes down to the regex here: if (/([.\w_#-]+)@([-.\w:;]+)\s+(\S+)\s*(\S+)?$/) { %config = ( 'username' => $1, 'jserver' => $2, 'port' => 0, 'password' => $3, 'component' => $4, );
The password (\S+) matches non-whitespace characters. No quoting or escaping is checked for. Adding support for quoting in the regex would be difficult without breaking passwords with quotation marks in them. Probably the best option would be to put each field on a seperate line, like: account: user server: server password: "password" component: componentname and consider everything between the first and last " part of the password, so ""hello there" => "hello there
Hi all,
I will check this issue this week and provide a patch. The biggest problem is backward compatibility but it is not a problem at all. :-)
Thanks for your report.
Regards, LH On Sep 12, 2014 5:20 PM, "ben0x4a" notifications@github.com wrote:
I am sure. Adding quotes just makes things worse, the quotes get included as part of the password.
[ben@Nyx:~/projects/sendxmpp] cat ~/.sendxmpprc ben@im.office.gdi 'secret hello what' hello [ben@Nyx:~/projects/sendxmpp] echo "test message" | ./sendxmpp -v --ssl -j im.office.gdi ben@im.office.gdi Use of uninitialized value $args{"file"} in lc at /usr/share/perl5/Net/XMPP/Debug.pm line 154. syntax error in line 1 of /home/ben/.sendxmpprc
[ben@Nyx:~/projects/sendxmpp] cat ~/.sendxmpprc ben@im.office.gdi "secret hello what" hello [ben@Nyx:~/projects/sendxmpp] echo "test message" | ./sendxmpp -v --ssl -j im.office.gdi ben@im.office.gdi Use of uninitialized value $args{"file"} in lc at /usr/share/perl5/Net/XMPP/Debug.pm line 154. syntax error in line 1 of /home/ben/.sendxmpprc
[ben@Nyx:~/projects/sendxmpp] cat ~/.sendxmpprc ben@im.office.gdi "secrethello" there [ben@Nyx:~/projects/sendxmpp] echo "test message" | ./sendxmpp -v --ssl -j im.office.gdi ben@im.office.gdi Use of uninitialized value $args{"file"} in lc at /usr/share/perl5/Net/XMPP/Debug.pm line 154. sendxmpp: config: 'password' => '"secrethello"' sendxmpp: config: 'component' => 'there' sendxmpp: config: 'jserver' => 'im.office.gdi' sendxmpp: config: 'port' => '0' sendxmpp: config: 'username' => 'ben' sendxmpp: ssl_verify: 1 sendxmpp: tls_capath: Use of uninitialized value within @ in lc at /usr/share/perl5/XML/Stream/Parser.pm line 71. sendxmpp: Connect: 1 Error 'AuthSend': error: not-authorized[?] sendxmpp: Disconnect
It comes down to the regex here: if (/([.\w_#-]+)@([-.\w:;]+)\s+(\S+)\s*(\S+)?$/) { %config = ( 'username' => $1, 'jserver' => $2, 'port' => 0, 'password' => $3, 'component' => $4, );
The password (\S+) matches non-whitespace characters. No quoting or escaping is checked for. Adding support for quoting in the regex would be difficult without breaking passwords with quotation marks in them. Probably the best option would be to put each field on a seperate line, like: account: user server: server password: "password" component: componentname and consider everything between the first and last " part of the password, so ""hello there" => "hello there
— Reply to this email directly or view it on GitHub https://github.com/lhost/sendxmpp/issues/9#issuecomment-55417969.
Fixed
Since the fields in .sendxmpprc are whitespace seperated, there is no way to enter a password with a space in it.