From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 45BC51FF136 for ; Mon, 23 Feb 2026 10:36:51 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id BC15C5679; Mon, 23 Feb 2026 10:37:45 +0100 (CET) From: Maximiliano Sandoval To: pbs-devel@lists.proxmox.com Subject: [PATCH backup v3 1/3] fix #7054: client: remove trailing newlines from credentials Date: Mon, 23 Feb 2026 10:37:05 +0100 Message-ID: <20260223093710.36009-2-m.sandoval@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260223093710.36009-1-m.sandoval@proxmox.com> References: <20260223093710.36009-1-m.sandoval@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1771839416540 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.087 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: YGNEJOUEGHAVBTOMME3MUR6EGYQP2BOS X-Message-ID-Hash: YGNEJOUEGHAVBTOMME3MUR6EGYQP2BOS X-MailFrom: m.sandoval@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Many tools, including systemd-ask-password will add a trailing new line, in order to improve usability we strip trailing newlines. For repositories and fingerprints we simply strip trailing whitespaces. For passwords, we refer to the password regex at proxmox-schema: `^[[:^cntrl:]]*$`, we can only strip trailing control characters without potentially breaking existing passwords. For the sake of avoiding to strip more than necessary we only strip trailing newlines. The encryption password is just a blob of bytes handled locally by the client, we cannot remove trailing whitespace here without potential breakage. Creation of such passwords (via proxmox_sys::tty::read_and_verify_password) only verifies valid utf-8 and len >= 5. Signed-off-by: Maximiliano Sandoval --- pbs-client/src/tools/mod.rs | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/pbs-client/src/tools/mod.rs b/pbs-client/src/tools/mod.rs index 7a496d14c..f28d9f32f 100644 --- a/pbs-client/src/tools/mod.rs +++ b/pbs-client/src/tools/mod.rs @@ -168,7 +168,17 @@ fn get_secret_impl(env_variable: &str, credential_name: &str) -> Result