bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Variabe managing problem


From: alberto . colosi
Subject: Variabe managing problem
Date: Sat, 15 Oct 2005 13:10:19 +0200

Hi, becouse unhappy of Orso's Changepassword for Squid, Apache and so on I 
costructed a change password CGI from myself.

I created a simple HTML page with a post to the CGI

I use ProcCGIInput.sh to read POST input and the variables arrive ESCAPED 
coded if some special char is inside.

ProcCGIInput.sh is from:
# Process input to a CGI script. Written and Copyright 1995 Frank Pilhofer
# You may freely use and distribute this code free of charge provided that
# this copyright notice remains.            address@hidden

and I use it from time in many CGI done by me.

Now with BASH v2 I had serious problems if after a special char even ] or 
) was numbers. The string is truncated or modified fucking off the change 
password checks and fuctionality.

I taken BASH 3 and compiled with NO OPTIONS IN    configure    and now 90% 
of problems disappeared with no changing in the CGI code.

I had some problems with ] and so to         printf           I added   %b

To eliminate escape sequences from ProcCGIInput.sh I use:
USER=`printf "$FORM_user"`
OLDP=`printf %b "$FORM_oldpw"`
NEWP1=`printf "$FORM_newpw1"`
NEWP2=`printf "$FORM_newpw2"`

Now, I had to remove         !           as other chars becouse even with 
all the good things that I had with %b and BASH v3 it create troubles!.

If inside the password is !1 or !2 and so on, the string is truncated at 
the esclamation mark.

I use a simple WHILE to check chars to enforce policies
while [ $CONTA -lt $LUNG ]; do

        ITEM=${PASS:$CONTA:1}

        if [[ $ITEM == *[a-zA-Z] ]]; then
                let CARAC=CARAC+1
                OK=1
        fi

        if [[ $ITEM == *[0-9]* ]]; then
                let NUMBER=NUMBER+1
                OK=1
        fi

        if [ `echo $POSSIBLESC | fgrep "$ITEM"` != "" ]; then
                let SPECI=SPECI+1
                OK=1
        fi

        if [ "$OK" = "0" ]; then
                BADP=1
        fi

#       printf ":::>$ITEM:$CONTA:$NEWP1:$FORM_new_pw1:$LUNG"

        let CONTA=CONTA+1
        OK=0
done

But becouse the string arrive modified obviously the user return a   BAD 
OLD PASSWORD or New PassWord not correct for policy rule xxxxxx

POSSIBLESC is the var where I putted all the special chars the user could 
chose to create its new password.

For sure I'm an intermediate or beginner but I have this kind of problem 
and I have seen that with BASH 3 90% of things has been solved.

Have I touse some code inside my script or is a problem of BASH?. How 
could I treath a variable ONLY AS A CONTAINER not interpreted or modified 
in any way from any kind of feature of BASH or from the system?.




Thanks about sugestions,




Best Regards, 

Alberto Colosi
IBM Global  Services
IBM Business Consulting Services
Sistemi Informativi S.P.A.
IT/ITS Division
IBM VTS Focal Point per SI
NetWork Control/Operations Center
    (NetWork and Security [*Master] office)
SECURITY IS EVERYONE'S BUSINESS






reply via email to

[Prev in Thread] Current Thread [Next in Thread]