#226 Special Chars in PXE Menu Passwords Cause Problems

v1.0 (example)
Web Portal (54)

I have fought with this issue for a few weeks. At our office, we use a global local admin password that includes a ' character.

When setting the PXE menu passwords to match our local admin password, the system always reports that the Encrypted Master Password is null. Through trial and error, as well as some code digging, I determined that the problem is caused by improper string handling when passing the unencrypted password to md5pass. No attempt is made at escaping any special characters.

I have written a very short fix to the issue. adding the following line:

$string = addcslashes($string, "\\\"'!*/():;@?#\$%^&[]{}<>,. ");

immediately above

exec( $bin . " " . $string, $output, $intRet );

fixes the issue. I have attached my modified version of functions.include.php for your review here. I would submit it for inclusion, but I'm new to sourceforge and don't know how to submit it through official channels.


  • Thndrchld

    Thndrchld - 2013-03-01

    Updated to escape special chars in sysLinuxEncrypt function.

  • SocialFish

    SocialFish - 2013-03-01

    Single quotes are also a problem for the Join Domain function, but only if they come in pairs. A single ' is not a problem, but something'like'this for your password is bound to cause domain-join failures.
    BTW, is this still where patches are submitted since the forums moved over to http://fogproject.org/ ?

  • mastacontrola

    mastacontrola - 2014-04-07

    We've since moved to iPXE which uses the regular FOG Login information to verify people.

  • mastacontrola

    mastacontrola - 2014-04-07
    • status: open --> closed
    • Group: --> v1.0 (example)

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks