From patchwork Thu Apr 11 14:18:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Baptiste Clenet X-Patchwork-Id: 1923864 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=0QWER0Fk; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=LXa+vJpi; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=patchwork.ozlabs.org) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4VJH8v4Bmmz1yY4 for ; Tue, 16 Apr 2024 05:21:35 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:To:Subject: Message-ID:Date:From:MIME-Version:Reply-To:Cc:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=xsYt2cRpLupD8+FQq+BJCAKl0aZV+K4uBMzNACxTL8E=; b=0QWER0Fkki8Y4sT2cylaZGTmrb PT3b5rDsIKxOx2j00QPW9SJCz5hWNxzLvanG89p7kQyDE/KbF51LIclH6Xj22kyzTN7vOQ0xFeSH+ i6Yv6/JP3hJZqajwOhkci5OXfM8rT1X9bo38Um+nnX6Q+kq8cT80kM1xwMz/vMrIb7LFeBFimtlzX kWONiOjSCfzXsanm0aF+lTJkQWYDmwZT8nV0KxXvVNAGCy3kTVWOg026g1QDGEGseMNvWEkiUzZVG Th4oVatsrj/8Ad+JUZiHFkHv40YL+NCJgbX1n0Mq9vLBfbZZa0bu4ZseHbGQ3UMo25hVUlKNeOYcY FzCXPT3Q==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1rwRtE-00000009ZWl-3IFx; Mon, 15 Apr 2024 19:21:16 +0000 Received: from mail-oo1-xc36.google.com ([2607:f8b0:4864:20::c36]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1ruvGL-0000000CPzf-37Ab for hostap@lists.infradead.org; Thu, 11 Apr 2024 14:18:51 +0000 Received: by mail-oo1-xc36.google.com with SMTP id 006d021491bc7-5aa2bd6f651so3480180eaf.0 for ; Thu, 11 Apr 2024 07:18:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712845127; x=1713449927; darn=lists.infradead.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=0me8uU8WLaBTMKZ22SAZC4Os4MNgDnWpvwGqmSHLg4w=; b=LXa+vJpieFQxzbast0wUBfHS9qmZMotV1B3itnvmC6pdn2JkOdmVtr7Mov3vTC3y37 J7JEzMXLWG+OvH75Uliv2eij343R/tamzfdtuyfd5i3RfMyVqGZSHrhRrB3lIvf3lg4a evugEf3Sj64GkQfx/5oOTznnGbaDyT1sqXiLsKe6Fyk4K9EjNScWz6hbdOuGn0Bl2kz2 h5N/uO17EaBV1jI5SrTGg2p4i1ySa0dy6egMYV4B3cAb0/RV2f5q+0bupPwBrycax4Ny U3MTm8bRkfaDzRLrtnAQJw7zkwF3skUYia8KD6ZSR9pkxNy7KBrJyTARyZ8hJS8Q0Ai8 yD9A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712845127; x=1713449927; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=0me8uU8WLaBTMKZ22SAZC4Os4MNgDnWpvwGqmSHLg4w=; b=Ba+H1tcHE9T2Y1bGmbwrVnsf664b63R5zhPeCE9Fm9j0z1cVI/ONLzce05jeCk+dch SRSyc+K+Gb470I8hbBQ8fI2qxF9EfOX7daZ5Tj2JZHpDWaR9G7nEtZoXJfWvZL5lrwIY 0nmtCeD6GqvRwi/XG/P6ny7126fUQtHud9yYERI19BguskCr0XoaO6ZPg4cTcYlBd5gi 4GJ0K9yGrWGmoMx3/BmJk7GxObHtr/KxGW2CgierLv6TA/Qxg/VAwbPJgI1zJI/6ZQwd IM8W7p3I0ouFwpTFEU7T4Lj75ofoix+VWB8kwpjaD6mGNRJrpciL0lagsrsY36Q5xC0o TrFw== X-Gm-Message-State: AOJu0YwlSMqJNjocCoJIK9mEF5IM3beHuxBJtFOyQOndzQoTJgvVrhgN NhI/cdEGRwJVatXpff5IQsO3B8o6icTvobWItLigF8KzTnSybJ9hcH7fQEIc1dOnlJs+on8OtUc Z6FpjyExBP36V8GRrryR6ZlzSX2nsNScN X-Google-Smtp-Source: AGHT+IHqhWaH3SIX2I9CWdcI4r4gbdFrGic+aCnFKFPvhOiy7OHgIb6oUFA0ww5sekBt6pZj7sVxQG81f4Pru9eScSM= X-Received: by 2002:a05:6820:1391:b0:5aa:3b8a:b491 with SMTP id i17-20020a056820139100b005aa3b8ab491mr6805227oow.4.1712845127596; Thu, 11 Apr 2024 07:18:47 -0700 (PDT) MIME-Version: 1.0 From: Baptiste Clenet Date: Thu, 11 Apr 2024 16:18:36 +0200 Message-ID: Subject: wpa_config_get_line can badly parse a password with # and " To: hostap@lists.infradead.org X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240411_071849_887555_07D448B4 X-CRM114-Status: GOOD ( 11.52 ) X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi, Here is a password that wpa_config_get_line fails to parse sae_password="0Y11D#E$4C"P/A;A4D#2x6D"" I made an example with several password on https://onlinegdb.com/9YFBl7Zba By patch in this example I mentionned patch from xinpeng wang (sha:aca4d4963a65e49614ed8cd52836a2619775c1f6) Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [bapclenet(at)gmail.com] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:c36 listed in] [list.dnswl.org] X-Mailman-Approved-At: Mon, 15 Apr 2024 12:21:15 -0700 X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Hi, Here is a password that wpa_config_get_line fails to parse sae_password="0Y11D#E$4C"P/A;A4D#2x6D"" I made an example with several password on https://onlinegdb.com/9YFBl7Zba By patch in this example I mentionned patch from xinpeng wang (sha:aca4d4963a65e49614ed8cd52836a2619775c1f6) I suggest to revert the patch and to not allow " in comment # I didn't find any pattern that match my password and what xinpeng wang wanted (a=b #"abc") I attach a patch that revert xinpeng wang patch. What do you think? Feel free to include my patch, I'm not used to send patch as email Thanks, diff --git a/src/utils/config.c b/src/utils/config.c index ba26c2c..22aa221 100644 --- a/src/utils/config.c +++ b/src/utils/config.c @@ -66,20 +66,12 @@ char * wpa_config_get_line(char *s, int size, FILE *stream, int *line, * Remove # comments unless they are within a double quoted * string. */ - sstart = pos; + sstart = os_strchr(pos, '"'); + if (sstart) + sstart = os_strrchr(sstart + 1, '"'); + if (!sstart) + sstart = pos; end = os_strchr(sstart, '#'); - while (end) { - sstart = os_strchr(sstart, '"'); - if (!sstart || sstart > end) - break; - sstart = os_strchr(sstart + 1, '"'); - if (!sstart) - break; - sstart++; - if (sstart > end) - end = os_strchr(sstart, '#'); - } - if (end) *end-- = '\0'; else