Broken wpa_passphrase - \n characters are not parsed

Jouni Malinen j at
Mon Dec 5 05:40:59 PST 2016

On Mon, Dec 05, 2016 at 10:17:55AM +0000, Michael Vogt wrote:
> I was playing around with wpa_passphrase and discovered, that newlines are not stripped away when using wpa_passphrase (similar like CVE-2016-4476?). So if someone uses wpa_passphrase to generate a configuration file a user might add arbitrary data to the configuration file, example: 
> [root at linux ~]# wpa_passphrase "FOO
> > BAR
> > #" "PASS
> > EAP=MD5
> > #”

I don't see wpa_passphrase as a tool that would be used to generate a
configuration file without direct user interaction in providing the
passphrase and editing the configuration file, so in that sense, this
looks quite different from CVE-2016-4476. Anyway, it sounds reasonable
for wpa_passphrase to use same validation steps for the passphrase and
reject the string if control characters are included, so I'll add that
check there.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list