[ipxe-devel] Password parsing
Robin Smidsrød
robin at smidsrod.no
Wed Oct 29 08:26:23 UTC 2014
On 28.10.2014 18:29, Christian Stroehmeier wrote:
> Hi everyone,
>
> I recently discovered that a '?' in your password will cause the
> password to be displayed in plain text during imgfetch. After looking
> into core/uri.c what was causing this I think the same is true for '#'
> and '@'. The parsing simply assumes these characters server their usual
> purpose when occurring in an URI.
>
> I tried working around that issue, but I am undecided how to do this
> correctly. First thing that comes to mind is starting at the end of the
> string searching backwards. Are there any drawbacks on this? If not I
> would implement it and send the patch.
This is most likely a regression from the refactoring/rewrite of the URL
parser from earlier this year (discussed on IRC 2014-03-03). I mentioned
some other issues back then that were causing issues, and this might
just be another one. To my knowledge these bugs have not been fixed yet.
I have a test case on https://gist.github.com/robinsmidsrod/9326960
that you might want to look more carefully at to see how your issue
might be similar.
-- Robin
More information about the ipxe-devel
mailing list