Broken wpa_passphrase - \n characters are not parsed
Jouni Malinen
j at w1.fi
Mon Dec 5 05:40:59 PST 2016
On Mon, Dec 05, 2016 at 10:17:55AM +0000, Michael Vogt wrote:
> I was playing around with wpa_passphrase and discovered, that newlines are not stripped away when using wpa_passphrase (similar like CVE-2016-4476?). So if someone uses wpa_passphrase to generate a configuration file a user might add arbitrary data to the configuration file, example:
>
> [root at linux ~]# wpa_passphrase "FOO
> > BAR
> > #" "PASS
> > EAP=MD5
> > #”
I don't see wpa_passphrase as a tool that would be used to generate a
configuration file without direct user interaction in providing the
passphrase and editing the configuration file, so in that sense, this
looks quite different from CVE-2016-4476. Anyway, it sounds reasonable
for wpa_passphrase to use same validation steps for the passphrase and
reject the string if control characters are included, so I'll add that
check there.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list