wpa_supplicant: add patch to fix ext_passwords_file bug (#342792)
commit
7eef63ed98
@ -8,6 +8,8 @@ let
|
|||||||
maintainers = [ oddlama rnhmjoj ];
|
maintainers = [ oddlama rnhmjoj ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
naughtyPassphrase = ''!,./;'[]\-=<>?:"{}|_+@$%^&*()`~ # ceci n'est pas un commentaire'';
|
||||||
|
|
||||||
runConnectionTest = name: extraConfig: runTest {
|
runConnectionTest = name: extraConfig: runTest {
|
||||||
name = "wpa_supplicant-${name}";
|
name = "wpa_supplicant-${name}";
|
||||||
inherit meta;
|
inherit meta;
|
||||||
@ -28,7 +30,7 @@ let
|
|||||||
ssid = "nixos-test-sae";
|
ssid = "nixos-test-sae";
|
||||||
authentication = {
|
authentication = {
|
||||||
mode = "wpa3-sae";
|
mode = "wpa3-sae";
|
||||||
saePasswords = [ { password = "reproducibility"; } ];
|
saePasswords = [ { password = naughtyPassphrase; } ];
|
||||||
};
|
};
|
||||||
bssid = "02:00:00:00:00:00";
|
bssid = "02:00:00:00:00:00";
|
||||||
};
|
};
|
||||||
@ -37,8 +39,8 @@ let
|
|||||||
authentication = {
|
authentication = {
|
||||||
mode = "wpa3-sae-transition";
|
mode = "wpa3-sae-transition";
|
||||||
saeAddToMacAllow = true;
|
saeAddToMacAllow = true;
|
||||||
saePasswordsFile = pkgs.writeText "password" "reproducibility";
|
saePasswordsFile = pkgs.writeText "password" naughtyPassphrase;
|
||||||
wpaPasswordFile = pkgs.writeText "password" "reproducibility";
|
wpaPasswordFile = pkgs.writeText "password" naughtyPassphrase;
|
||||||
};
|
};
|
||||||
bssid = "02:00:00:00:00:01";
|
bssid = "02:00:00:00:00:01";
|
||||||
};
|
};
|
||||||
@ -46,7 +48,7 @@ let
|
|||||||
ssid = "nixos-test-wpa2";
|
ssid = "nixos-test-wpa2";
|
||||||
authentication = {
|
authentication = {
|
||||||
mode = "wpa2-sha256";
|
mode = "wpa2-sha256";
|
||||||
wpaPassword = "reproducibility";
|
wpaPassword = naughtyPassphrase;
|
||||||
};
|
};
|
||||||
bssid = "02:00:00:00:00:02";
|
bssid = "02:00:00:00:00:02";
|
||||||
};
|
};
|
||||||
@ -66,7 +68,7 @@ let
|
|||||||
|
|
||||||
# secrets
|
# secrets
|
||||||
secretsFile = pkgs.writeText "wpa-secrets" ''
|
secretsFile = pkgs.writeText "wpa-secrets" ''
|
||||||
psk_nixos_test=reproducibility
|
psk_nixos_test=${naughtyPassphrase}
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
extraConfig
|
extraConfig
|
||||||
|
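Review bot: `naughtyPassphrase` carries no comment saying what it is built to exercise, so a later cleanup could shorten or simplify the string and quietly lose the regression coverage. A line above the definition such as `# quotes, backslash and an inline " # " that must survive literally; kept at the maximum WPA passphrase length` would record the intent. As rendered here the string is 63 characters, though the page may have altered whitespace. The fixture has no trailing whitespace, which the accompanying patch's description says is now preserved literally, so a second passphrase ending in a space would cover that case.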
@ -22,6 +22,7 @@ stdenv.mkDerivation rec {
|
|||||||
hash = "sha256-X6mBbj7BkW66aYeSCiI3JKBJv10etLQxaTRfRgwsFmM=";
|
hash = "sha256-X6mBbj7BkW66aYeSCiI3JKBJv10etLQxaTRfRgwsFmM=";
|
||||||
revert = true;
|
revert = true;
|
||||||
})
|
})
|
||||||
|
./unsurprising-ext-password.patch
|
||||||
];
|
];
|
||||||
|
|
||||||
# TODO: Patch epoll so that the dbus actually responds
|
# TODO: Patch epoll so that the dbus actually responds
|
||||||
|
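Review bot: The new `./unsurprising-ext-password.patch` entry in `patches` has no comment saying where the patch comes from or when it can be dropped. The patch's own header is addressed to hostap@lists.infradead.org, which suggests it was submitted upstream, so a line such as `# Fix ext_password_file parsing of special characters; submitted upstream, drop once released` above the entry would tell the next person updating the package what to check. The surrounding `patches` list starts outside this hunk.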
@ -0,0 +1,66 @@
|
|||||||
|
From e5ac0dd1af48e085bb824082ef3b64afba673ded Mon Sep 17 00:00:00 2001
|
||||||
|
From: rnhmjoj <rnhmjoj@inventati.org>
|
||||||
|
Date: Wed, 18 Sep 2024 13:43:44 +0200
|
||||||
|
Subject: [PATCH] ext_password_file: do not use wpa_config_get_line
|
||||||
|
To: hostap@lists.infradead.org
|
||||||
|
|
||||||
|
The file-based backed of the ext_password framework uses
|
||||||
|
`wpa_config_get_line` to read the passwords line-by-line from a file.
|
||||||
|
This function is meant to parse a single line from the
|
||||||
|
wpa_supplicant.conf file, so it handles whitespace, quotes and other
|
||||||
|
characters specially.
|
||||||
|
|
||||||
|
Its behavior, however, it's not compatible with the rest of the
|
||||||
|
ext_password framework implementation. For example, if a passphrase
|
||||||
|
contains a `#` character it must be quoted to prevent parsing the
|
||||||
|
remaining characters as an inline comment, but the code handling the
|
||||||
|
external password in `wpa_supplicant_get_psk` does not handle quotes.
|
||||||
|
The result is that either it will hash the enclosing quotes, producing a
|
||||||
|
wrong PSK, or if the passphrase is long enough, fail the length check.
|
||||||
|
As a consequence, some passphrases are impossible to input correctly.
|
||||||
|
|
||||||
|
To solve this and other issues, this patch changes the behaviour of the
|
||||||
|
`ext_password_file_get` function (which was not documented in details,
|
||||||
|
at least w.r.t. special characters) to simply treat all characters
|
||||||
|
literally: including trailing whitespaces (except CR and LF), `#` for
|
||||||
|
inline comments, etc. Empty lines and full-line comments are still
|
||||||
|
supported.
|
||||||
|
|
||||||
|
Signed-off-by: Michele Guerini Rocco <rnhmjoj@inventati.org>
|
||||||
|
---
|
||||||
|
src/utils/ext_password_file.c | 12 ++++++++++--
|
||||||
|
1 file changed, 10 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/utils/ext_password_file.c b/src/utils/ext_password_file.c
|
||||||
|
index 4bb0095f3..f631ff15c 100644
|
||||||
|
--- a/src/utils/ext_password_file.c
|
||||||
|
+++ b/src/utils/ext_password_file.c
|
||||||
|
@@ -9,7 +9,6 @@
|
||||||
|
#include "includes.h"
|
||||||
|
|
||||||
|
#include "utils/common.h"
|
||||||
|
-#include "utils/config.h"
|
||||||
|
#include "ext_password_i.h"
|
||||||
|
|
||||||
|
|
||||||
|
@@ -97,7 +96,16 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name)
|
||||||
|
|
||||||
|
wpa_printf(MSG_DEBUG, "EXT PW FILE: get(%s)", name);
|
||||||
|
|
||||||
|
- while (wpa_config_get_line(buf, sizeof(buf), f, &line, &pos)) {
|
||||||
|
+ while ((pos = fgets(buf, sizeof(buf), f))) {
|
||||||
|
+ line++;
|
||||||
|
+
|
||||||
|
+ /* Strip newline characters */
|
||||||
|
+ pos[strcspn(pos, "\r\n")] = 0;
|
||||||
|
+
|
||||||
|
+ /* Skip comments and empty lines */
|
||||||
|
+ if (*pos == '#' || *pos == '\0')
|
||||||
|
+ continue;
|
||||||
|
+
|
||||||
|
char *sep = os_strchr(pos, '=');
|
||||||
|
|
||||||
|
if (!sep) {
|
||||||
|
--
|
||||||
|
2.44.1
|
||||||
|
|
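Review bot: The new `fgets` loop in `ext_password_file_get` does not detect a line longer than `buf`. `fgets` returns at most `sizeof(buf) - 1` bytes, and the next iteration then parses the remainder of that line as a fresh entry. Because values are now taken literally, an overlong secret would be used in truncated form without any error, and a tail containing `=` would be read as a separate name/value pair. Checking `if (!os_strchr(pos, '\n') && !feof(f))` before the newline strip, and failing the lookup in that case, would turn this into a visible error. The declaration of `buf` and the rest of the function are outside the hunk, so it cannot be told from here whether the old `wpa_config_get_line` path had the same limit.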