YourFin
commented
6 years ago This appears to be due to using a custom written escaping mechanism in SnooperStopper/app/src/main/java/cz/eutopia/snooperstopper/CryptfsCommands.java , and should probably be replaced by either:
- Wrapping the passwords in single quotes, so the shell takes them literally, and then "escaping" single quotes with the slight hack of
'"'"' - A real escaping library
I don't know much about java and don't have android tooling on my machine, but this should be relatively easy to implement. This looks like a pretty good shell escaping function, but I'm not sure about pulling in more dependencies.
Here's my quick attempt at a replacement escape function implementing the first option:
private static String escape(String str) {
// Original:
//// escape double quotes and backslashes
//// FrameworkListener::dispatchCommand checks for this
////////NOTE: This line only needs to stay if FrameworkListener consumes
//////// the \ before the " in its processing
//String result = str.replaceAll("\\\"", "\\\\\"");
//// only do this if the original string had a backslash
//if (str.contains("\\")) {
// result = result.replaceAll("\\\\", "\\\\\\\\");
//}
//// escape single quotes for the shell
//result = result.replaceAll("'", "'\\\\''");
//return result;
// New version:
str = "'" + str.replaceAll("'", "'\"'\"'");
// FrameworkListener::dispatchCommand checks for this
//////NOTE: This line only needs to stay if FrameworkListener consumes
////// the \ before the " in its processing, otherwise they should be safe for
////// execution by the shell
String result = str.replaceAll("\\\"", "\\\\\"");
return result;
}@xmikos, does this make sense? I'd like to have a nice mechanism for entering my ridiculous passwords :)
When using a new password with spaces, it will spit out a generic error message about not being able to change the password. Maybe you could craft a specific error message and tell the user that spaces are not allowed