@@ -9,7 +9,6 @@
#include "includes.h"
#include "utils/common.h"
-#include "utils/config.h"
#include "ext_password_i.h"
@@ -97,7 +96,16 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name)
wpa_printf(MSG_DEBUG, "EXT PW FILE: get(%s)", name);
- while (wpa_config_get_line(buf, sizeof(buf), f, &line, &pos)) {
+ while ((pos = fgets(buf, sizeof(buf), f))) {
+ line++;
+
+ /* Strip newline characters */
+ pos[strcspn(pos, "\r\n")] = 0;
+
+ /* Skip comments and empty lines */
+ if (*pos == '#' || *pos == '\0')
+ continue;
+
char *sep = os_strchr(pos, '=');
if (!sep) {
The file-based backed of the ext_password framework uses `wpa_config_get_line` to read the passwords line-by-line from a file. This function is meant to parse a single line from the wpa_supplicant.conf file, so it handles whitespace, quotes and other characters specially. Its behavior, however, it's not compatible with the rest of the ext_password framework implementation. For example, if a passphrase contains a `#` character it must be quoted to prevent parsing the remaining characters as an inline comment, but the code handling the external password in `wpa_supplicant_get_psk` does not handle quotes. The result is that either it will hash the enclosing quotes, producing a wrong PSK, or if the passphrase is long enough, fail the length check. As a consequence, some passphrases are impossible to input correctly. To solve this and other issues, this patch changes the behaviour of the `ext_password_file_get` function (which was not documented in details, at least w.r.t. special characters) to simply treat all characters literally: including trailing whitespaces (except CR and LF), `#` for inline comments, etc. Empty lines and full-line comments are still supported. Signed-off-by: Michele Guerini Rocco <rnhmjoj@inventati.org> --- src/utils/ext_password_file.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)