| Message ID | CAPpUg6Mbgso5e=Ks8vXfj_JDa-Vk57fJUUbAJ5n-Ty9xjKMEBw@mail.gmail.com |
|---|---|
| State | New |
| Headers | show
Return-Path:
<hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
dkim=pass (2048-bit key;
secure) header.d=lists.infradead.org header.i=@lists.infradead.org
header.a=rsa-sha256 header.s=bombadil.20210309 header.b=0QWER0Fk;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
header.s=20230601 header.b=LXa+vJpi;
dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
spf=none (no SPF record) smtp.mailfrom=lists.infradead.org
(client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
receiver=patchwork.ozlabs.org)
Received: from bombadil.infradead.org (bombadil.infradead.org
[IPv6:2607:7c80:54:3::133])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
(No client certificate requested)
by legolas.ozlabs.org (Postfix) with ESMTPS id 4VJH8v4Bmmz1yY4
for <incoming@patchwork.ozlabs.org>; Tue, 16 Apr 2024 05:21:35 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help
:List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:To:Subject:
Message-ID:Date:From:MIME-Version:Reply-To:Cc:Content-Transfer-Encoding:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner;
bh=xsYt2cRpLupD8+FQq+BJCAKl0aZV+K4uBMzNACxTL8E=; b=0QWER0Fkki8Y4sT2cylaZGTmrb
PT3b5rDsIKxOx2j00QPW9SJCz5hWNxzLvanG89p7kQyDE/KbF51LIclH6Xj22kyzTN7vOQ0xFeSH+
i6Yv6/JP3hJZqajwOhkci5OXfM8rT1X9bo38Um+nnX6Q+kq8cT80kM1xwMz/vMrIb7LFeBFimtlzX
kWONiOjSCfzXsanm0aF+lTJkQWYDmwZT8nV0KxXvVNAGCy3kTVWOg026g1QDGEGseMNvWEkiUzZVG
Th4oVatsrj/8Ad+JUZiHFkHv40YL+NCJgbX1n0Mq9vLBfbZZa0bu4ZseHbGQ3UMo25hVUlKNeOYcY
FzCXPT3Q==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux))
id 1rwRtE-00000009ZWl-3IFx;
Mon, 15 Apr 2024 19:21:16 +0000
Received: from mail-oo1-xc36.google.com ([2607:f8b0:4864:20::c36])
by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux))
id 1ruvGL-0000000CPzf-37Ab
for hostap@lists.infradead.org;
Thu, 11 Apr 2024 14:18:51 +0000
Received: by mail-oo1-xc36.google.com with SMTP id
006d021491bc7-5aa2bd6f651so3480180eaf.0
for <hostap@lists.infradead.org>;
Thu, 11 Apr 2024 07:18:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1712845127; x=1713449927;
darn=lists.infradead.org;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=0me8uU8WLaBTMKZ22SAZC4Os4MNgDnWpvwGqmSHLg4w=;
b=LXa+vJpieFQxzbast0wUBfHS9qmZMotV1B3itnvmC6pdn2JkOdmVtr7Mov3vTC3y37
J7JEzMXLWG+OvH75Uliv2eij343R/tamzfdtuyfd5i3RfMyVqGZSHrhRrB3lIvf3lg4a
evugEf3Sj64GkQfx/5oOTznnGbaDyT1sqXiLsKe6Fyk4K9EjNScWz6hbdOuGn0Bl2kz2
h5N/uO17EaBV1jI5SrTGg2p4i1ySa0dy6egMYV4B3cAb0/RV2f5q+0bupPwBrycax4Ny
U3MTm8bRkfaDzRLrtnAQJw7zkwF3skUYia8KD6ZSR9pkxNy7KBrJyTARyZ8hJS8Q0Ai8
yD9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1712845127; x=1713449927;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=0me8uU8WLaBTMKZ22SAZC4Os4MNgDnWpvwGqmSHLg4w=;
b=Ba+H1tcHE9T2Y1bGmbwrVnsf664b63R5zhPeCE9Fm9j0z1cVI/ONLzce05jeCk+dch
SRSyc+K+Gb470I8hbBQ8fI2qxF9EfOX7daZ5Tj2JZHpDWaR9G7nEtZoXJfWvZL5lrwIY
0nmtCeD6GqvRwi/XG/P6ny7126fUQtHud9yYERI19BguskCr0XoaO6ZPg4cTcYlBd5gi
4GJ0K9yGrWGmoMx3/BmJk7GxObHtr/KxGW2CgierLv6TA/Qxg/VAwbPJgI1zJI/6ZQwd
IM8W7p3I0ouFwpTFEU7T4Lj75ofoix+VWB8kwpjaD6mGNRJrpciL0lagsrsY36Q5xC0o
TrFw==
X-Gm-Message-State: AOJu0YwlSMqJNjocCoJIK9mEF5IM3beHuxBJtFOyQOndzQoTJgvVrhgN
NhI/cdEGRwJVatXpff5IQsO3B8o6icTvobWItLigF8KzTnSybJ9hcH7fQEIc1dOnlJs+on8OtUc
Z6FpjyExBP36V8GRrryR6ZlzSX2nsNScN
X-Google-Smtp-Source:
AGHT+IHqhWaH3SIX2I9CWdcI4r4gbdFrGic+aCnFKFPvhOiy7OHgIb6oUFA0ww5sekBt6pZj7sVxQG81f4Pru9eScSM=
X-Received: by 2002:a05:6820:1391:b0:5aa:3b8a:b491 with SMTP id
i17-20020a056820139100b005aa3b8ab491mr6805227oow.4.1712845127596; Thu, 11 Apr
2024 07:18:47 -0700 (PDT)
MIME-Version: 1.0
From: Baptiste Clenet <bapclenet@gmail.com>
Date: Thu, 11 Apr 2024 16:18:36 +0200
Message-ID:
<CAPpUg6Mbgso5e=Ks8vXfj_JDa-Vk57fJUUbAJ5n-Ty9xjKMEBw@mail.gmail.com>
Subject: wpa_config_get_line can badly parse a password with # and "
To: hostap@lists.infradead.org
Content-Type: multipart/mixed; boundary="00000000000063f9840615d2d5e5"
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
X-CRM114-CacheID: sfid-20240411_071849_887555_07D448B4
X-CRM114-Status: GOOD ( 11.52 )
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
running on the system "bombadil.infradead.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hi,
Here is a password that wpa_config_get_line fails to parse
sae_password="0Y11D#E$4C"P/A;A4D#2x6D"" I made an example with several
password
on https://onlinegdb.com/9YFBl7Zba By patch in this example I mentionned
patch from xinpeng wang (sha:aca4d4963a65e49614ed8cd52836a2619775c1f6)
Content analysis details: (-0.2 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's
domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[bapclenet(at)gmail.com]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no
trust
[2607:f8b0:4864:20:0:0:0:c36 listed in]
[list.dnswl.org]
X-Mailman-Approved-At: Mon, 15 Apr 2024 12:21:15 -0700
X-BeenThere: hostap@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <hostap.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
<mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/hostap/>
List-Post: <mailto:hostap@lists.infradead.org>
List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
<mailto:hostap-request@lists.infradead.org?subject=subscribe>
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
|
| Series |
wpa_config_get_line can badly parse a password with # and "
|
expand
|
diff --git a/src/utils/config.c b/src/utils/config.c index ba26c2c..22aa221 100644 --- a/src/utils/config.c +++ b/src/utils/config.c @@ -66,20 +66,12 @@ char * wpa_config_get_line(char *s, int size, FILE *stream, int *line, * Remove # comments unless they are within a double quoted * string. */ - sstart = pos; + sstart = os_strchr(pos, '"'); + if (sstart) + sstart = os_strrchr(sstart + 1, '"'); + if (!sstart) + sstart = pos; end = os_strchr(sstart, '#'); - while (end) { - sstart = os_strchr(sstart, '"'); - if (!sstart || sstart > end) - break; - sstart = os_strchr(sstart + 1, '"'); - if (!sstart) - break; - sstart++; - if (sstart > end) - end = os_strchr(sstart, '#'); - } - if (end) *end-- = '\0'; else