From patchwork Wed Sep 18 13:58:25 2024
X-Patchwork-Submitter: rnhmjoj
X-Patchwork-Id: 1986822
Date: Wed, 18 Sep 2024 15:58:25 +0200
From: rnhmjoj
To: hostap@lists.infradead.org
Subject: [PATCH] ext_password_file: do not use wpa_config_get_line

The file-based backend of the ext_password framework uses `wpa_config_get_line` to read the passwords line-by-line from
a file. This function is meant to parse a single line from the wpa_supplicant.conf file, so it handles whitespace, quotes and other characters specially.

Its behavior, however, is not compatible with the rest of the ext_password framework implementation. For example, if a passphrase contains a `#` character it must be quoted to prevent parsing the remaining characters as an inline comment, but the code handling the external password in `wpa_supplicant_get_psk` does not handle quotes. The result is that either it will hash the enclosing quotes, producing a wrong PSK, or if the passphrase is long enough, fail the length check. As a consequence, some passphrases are impossible to input correctly.

To solve this and other issues, this patch changes the behaviour of the `ext_password_file_get` function (which was not documented in detail, at least w.r.t. special characters) to simply treat all characters literally: including trailing whitespace (except CR and LF), `#` for inline comments, etc. Empty lines and full-line comments are still supported.

Signed-off-by: Michele Guerini Rocco
--- src/utils/ext_password_file.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/utils/ext_password_file.c b/src/utils/ext_password_file.c index 4bb0095f3..f631ff15c 100644 --- a/src/utils/ext_password_file.c +++ b/src/utils/ext_password_file.c @@ -9,7 +9,6 @@ #include "includes.h" #include "utils/common.h" -#include "utils/config.h" #include "ext_password_i.h" @@ -97,7 +96,16 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name) wpa_printf(MSG_DEBUG, "EXT PW FILE: get(%s)", name); - while (wpa_config_get_line(buf, sizeof(buf), f, &line, &pos)) { + while ((pos = fgets(buf, sizeof(buf), f))) { + line++; + + /* Strip newline characters */ + pos[strcspn(pos, "\r\n")] = 0; + + /* Skip comments and empty lines */ + if (*pos == '#' || *pos == '\0') + continue; + char *sep = os_strchr(pos, '='); if (!sep) {
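
Review bot: In the new `while ((pos = fgets(buf, sizeof(buf), f)))` loop of `ext_password_file_get`, a line longer than `sizeof(buf) - 1` characters is returned in pieces, so the tail of an over-long entry is processed as if it were a separate line: `line++` overcounts, the first piece yields a silently truncated value, and a tail that happens to contain `=` is parsed as its own name/value pair. Since the stated goal is to take every character literally, check whether a line terminator was actually found (compare the `strcspn(pos, "\r\n")` result with the string length, allowing for a final line that ends at EOF without a newline) and skip or reject over-long lines with a debug message instead of parsing the fragments. Two smaller points: nothing in the new loop skips leading whitespace, so `*pos == '#'` only recognises a comment that starts in the first column, and the accepted file format (literal values, only CR/LF stripped, full-line comments only) deserves a comment above the function, given that the commit message notes it was not documented before; and `pos[...] = 0` would read more consistently as `= '\0'`, matching the comparison in the `if` that follows.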