Blame view

buildroot/buildroot-2016.08.1/package/hostapd/0005-WPS-Reject-a-Credential-with-invalid-passphrase.patch 2.79 KB
6b13f685e   김민수   BSP 최초 추가
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
  From ecbb0b3dc122b0d290987cf9c84010bbe53e1022 Mon Sep 17 00:00:00 2001
  From: Jouni Malinen <jouni@qca.qualcomm.com>
  Date: Fri, 4 Mar 2016 17:20:18 +0200
  Subject: [PATCH] WPS: Reject a Credential with invalid passphrase
  
  WPA/WPA2-Personal passphrase is not allowed to include control
  characters. Reject a Credential received from a WPS Registrar both as
  STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
  WPA2PSK authentication type and includes an invalid passphrase.
  
  This fixes an issue where hostapd or wpa_supplicant could have updated
  the configuration file PSK/passphrase parameter with arbitrary data from
  an external device (Registrar) that may not be fully trusted. Should
  such data include a newline character, the resulting configuration file
  could become invalid and fail to be parsed.
  
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  ---
  Patch status: upstream (ecbb0b3dc122b0d290987cf9c84010bbe53e1022)
  
   src/utils/common.c         | 12 ++++++++++++
   src/utils/common.h         |  1 +
   src/wps/wps_attr_process.c | 10 ++++++++++
   3 files changed, 23 insertions(+)
  
  diff --git a/src/utils/common.c b/src/utils/common.c
  index 450e2c6519ba..27b7c02de10b 100644
  --- a/src/utils/common.c
  +++ b/src/utils/common.c
  @@ -697,6 +697,18 @@ int is_hex(const u8 *data, size_t len)
   }
   
   
  +int has_ctrl_char(const u8 *data, size_t len)
  +{
  +	size_t i;
  +
  +	for (i = 0; i < len; i++) {
  +		if (data[i] < 32 || data[i] == 127)
  +			return 1;
  +	}
  +	return 0;
  +}
  +
  +
   size_t merge_byte_arrays(u8 *res, size_t res_len,
   			 const u8 *src1, size_t src1_len,
   			 const u8 *src2, size_t src2_len)
  diff --git a/src/utils/common.h b/src/utils/common.h
  index 701dbb236ed5..a97224070385 100644
  --- a/src/utils/common.h
  +++ b/src/utils/common.h
  @@ -488,6 +488,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
   
   char * wpa_config_parse_string(const char *value, size_t *len);
   int is_hex(const u8 *data, size_t len);
  +int has_ctrl_char(const u8 *data, size_t len);
   size_t merge_byte_arrays(u8 *res, size_t res_len,
   			 const u8 *src1, size_t src1_len,
   			 const u8 *src2, size_t src2_len);
  diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c
  index eadb22fe2e78..e8c4579309ab 100644
  --- a/src/wps/wps_attr_process.c
  +++ b/src/wps/wps_attr_process.c
  @@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struct wps_credential *cred)
   		cred->key_len--;
   #endif /* CONFIG_WPS_STRICT */
   	}
  +
  +
  +	if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
  +	    (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) {
  +		wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase");
  +		wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
  +				      cred->key, cred->key_len);
  +		return -1;
  +	}
  +
   	return 0;
   }
   
  -- 
  2.8.1