From 809b47e4eb2a99248ad122499e288610a5cd12ad Mon Sep 17 00:00:00 2001
From: Sheng Yang <sheng.yang@citrix.com>
Date: Thu, 17 Jul 2014 18:40:14 -0700
Subject: [PATCH] CLOUDSTACK-7124: Fix semicolon caused VPN programming issue

Semicolon can cause trouble in bash, need to be escaped.
---
 .../resource/virtualnetwork/ConfigHelper.java | 21 +++++++++----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/ConfigHelper.java b/core/src/com/cloud/agent/resource/virtualnetwork/ConfigHelper.java
index 25a2bd9890d..d94c1c660b5 100644
--- a/core/src/com/cloud/agent/resource/virtualnetwork/ConfigHelper.java
+++ b/core/src/com/cloud/agent/resource/virtualnetwork/ConfigHelper.java
@@ -19,15 +19,6 @@
 
 package com.cloud.agent.resource.virtualnetwork;
 
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.commons.codec.binary.Base64;
-
-import com.google.gson.Gson;
-
 import com.cloud.agent.api.BumpUpPriorityCommand;
 import com.cloud.agent.api.SetupGuestNetworkCommand;
 import com.cloud.agent.api.routing.CreateIpAliasCommand;
@@ -62,6 +53,13 @@ import com.cloud.network.HAProxyConfigurator;
 import com.cloud.network.LoadBalancerConfigurator;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.utils.net.NetUtils;
+import com.google.gson.Gson;
+import org.apache.commons.codec.binary.Base64;
+
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
 
 public class ConfigHelper {
 
@@ -447,10 +445,11 @@ public class ConfigHelper {
             args += cmd.getPeerGatewayIp();
             args += " -N ";
             args += cmd.getPeerGuestCidrList();
+            // escape semicolon which may cause issue in bash
             args += " -e ";
-            args += "\"" + cmd.getEspPolicy() + "\"";
+            args += "\"" + cmd.getEspPolicy().replaceAll(";", "\\\\;") + "\"";
             args += " -i ";
-            args += "\"" + cmd.getIkePolicy() + "\"";
+            args += "\"" + cmd.getIkePolicy().replaceAll(";", "\\\\;") + "\"";
             args += " -t ";
             args += Long.toString(cmd.getIkeLifetime());
             args += " -T ";