Security issue in​

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Security issue in​

Alex H.

I just subscribed to tell you this issue I stumbled upon.

In​ [1] there is this line for generating the des
key and then putting it in the config. The way it is made, the key might
contain characters which break the sed expression putting the key in the
config file, so that the configured key is broken:

The line generating the key:

deskey=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9-_#&!*%?' | fold -w 24 |
head -n 1)

Taking a look on this example key:


It can contain a '&', which will break the sed expression:

sed -i "s|^\(\$config\['des_key'\] =\).*$|\1 \'${deskey}\';|"

so that the example key will bring this result in the config:

$config['des_key'] = '2S0?w1*6GXrxFSah!%$config['des_key'] =

instead of:

$config['des_key'] = '2S0?w1*6GXrxFSah!%&xjnaq';

Some info about my environment:

# cat /etc/centos-release
CentOS release 6.8 (Final)

# sed --version
GNU sed version 4.2.1

Best regards,
Alex H.

Roundcube Development discussion mailing list
[hidden email]