Bug 11725

Summary: vpnmain.cgi: special chars in passphrase breaks GUI and mix up fields
Product: IPFire
Reporter: Stefan Bauer <sb>
Component: ---
Assignee: Stefan Schantl <stefan.schantl>
Status: CLOSED DUPLICATE
QA Contact: Peter Müller <peter.mueller>
Severity: Minor Usability
Priority: Will affect an average number of users
CC: adolf.belka, michael.tremer, mw+ipfire, peter.mueller, stefan.schantl, ummeegge
Version: 2
Hardware: all
OS: All
See Also: https://bugzilla.ipfire.org/show_bug.cgi?id=11162

Description Stefan Bauer 2018-05-17 07:57:34 UTC
Adding a net2net IPsec connection and entering a PSK with "special" chars renders the GUI unusable. Also only a part of the password - up to the "special" char - is added to the ipsec.secrets file.

Furthermore - some fields - remote ID, IP, subnet etc. are mixed up with other fields due to some replacement going on - triggered by "special" chars in PSK.

Here is a PSK, that triggers the bug:

53503h30h3f%&$§0j0f3hf03fh3fh#?!')(

Adding the PSK manually to the secrets-file works. So this is a limitation of vpnmain.cgi.
Comment 1 Peter Müller 2020-04-10 11:05:33 UTC
I can confirm this behaviour, which also happens for PKCS12 passwords.
Comment 2 Peter Müller 2020-05-03 09:12:18 UTC
This seems to be applicable for OpenVPN, too (https://community.ipfire.org/t/problem-installation-openvpn/2146/4), which is why I cc'ed Erik.
Comment 3 Erik Kapfer 2020-05-04 14:05:16 UTC
Hi all,
(In reply to Peter Müller from comment #2)
> This seems to be applicable for OpenVPN, too
> (https://community.ipfire.org/t/problem-installation-openvpn/2146/4), which
> is why I cc'ed Erik.
I am currently running an OpenVPN-2.5_DEV version, but this should make no difference in causing the PKCS#12 problem you mentioned, which I cannot reproduce here.

I have tried it with ' ~!@#%^*_+-={}[]:,./`$&()|\";'<>? ' but also with the combination mentioned here ' 53503h30h3f%&$§0j0f3hf03fh3fh#?!')( ' and have no problem with this at all. I am currently also not sure what exactly your problem is, since a detailed description is missing.

But this relates only to OpenVPN!

Best,

Erik
Comment 4 Man Grove 2020-12-05 12:31:47 UTC
This bit me too a while ago -- a PSK I got from another vendor contained a comma, which broke IPSec.

That problem appeared because the /var/ipfire/vpn/config file is comma delimited, but input is not checked. Entering a comma (and, possibly, other special characters) in any field in the GUI destroys any future parsing of that file, assigning the completely wrong parameters to stuff. :-) This includes going from the first screen to the "advanced" one, as the latter screen depends on input in the first.

The fastest and laziest way of countering this is by doing a JavaScript check at form submission, but this will of course not cure the real problem (and not for non-JS users). Some form of character escaping for this file would fix the problem permanently.
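
The parsing failure and the escaping fix described in comment 4, as an added illustration that is not part of the bug report and is not IPFire code. Assumptions: the field names, the record layout and the sample values are constructed, and percent-encoding is only one possible escaping scheme; Python is used to show the file-format problem, not the code of vpnmain.cgi.

```python
import re

# Constructed record layout for illustration; NOT the real field order of
# /var/ipfire/vpn/config, which the bug report does not show.
FIELDS = ["name", "remote_host", "remote_subnet", "psk", "remark"]

# Constructed sample: the PSK contains the delimiter and the escape character.
SAMPLE = {"name": "tunnel1", "remote_host": "198.51.100.7",
          "remote_subnet": "10.1.0.0/24", "psk": "s3cr,et%2Cx",
          "remark": "site B"}

def naive_write(record):
    """Join raw values with commas: no validation, no escaping."""
    return ",".join(record[f] for f in FIELDS)

def naive_read(line):
    """Split on every comma and map values to fields by position."""
    return dict(zip(FIELDS, line.split(",")))

def escape(value):
    """Percent-encode the escape character first, then comma and line breaks."""
    out = value.replace("%", "%25")
    for ch in (",", "\n", "\r"):
        out = out.replace(ch, "%{:02X}".format(ord(ch)))
    return out

def unescape(value):
    """Decode every %XX pair in a single left-to-right pass."""
    return re.sub(r"%([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)

def safe_write(record):
    """Escape each value so a stored field can never contain the delimiter."""
    return ",".join(escape(record[f]) for f in FIELDS)

def safe_read(line):
    """Reject lines with the wrong field count, then decode each field."""
    parts = line.rstrip("\n").split(",")
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    return {f: unescape(p) for f, p in zip(FIELDS, parts)}

if __name__ == "__main__":
    broken = naive_read(naive_write(SAMPLE))
    print("naive psk/remark:", broken["psk"], "/", broken["remark"])
    print("escaped line    :", safe_write(SAMPLE))
    print("round trip ok   :", safe_read(safe_write(SAMPLE)) == SAMPLE)
```

The field-count check in `safe_read` also flags lines written before escaping was introduced, instead of silently shifting values into the wrong fields.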
Comment 5 Adolf Belka 2024-06-26 21:39:48 UTC

*** This bug has been marked as a duplicate of bug 13209 ***
Comment 6 Man Grove 2024-06-26 21:49:54 UTC

*** This bug has been marked as a duplicate of bug 13029 ***
Comment 7 Adolf Belka 2024-06-27 11:04:18 UTC
@mangrove  Thanks for correcting the duplicate bug number.