[openwrt/openwrt] hostapd: fix logging of configuration content
LEDE Commits
lede-commits at lists.infradead.org
Fri Aug 1 13:14:14 PDT 2025
robimarko pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/682de550a0e7592842dbc941f962e002b0218847
commit 682de550a0e7592842dbc941f962e002b0218847
Author: Christian Korber <ck at dev.tdt.de>
AuthorDate: Wed May 21 14:36:00 2025 +0200
hostapd: fix logging of configuration content
As discussed in openwrt#17517, there are contents of hostapd's configuration file logged in syslog.
This includes critical information like `passphrase`. To circumvent this condition,
this commit logs only "inline" if config_fname is inline data.
Otherwise the upstream logic of hostapd applies.
Fixes: openwrt#14049
Signed-off-by: Christian Korber <ck at dev.tdt.de>
Link: https://github.com/openwrt/openwrt/pull/17718
Signed-off-by: Robert Marko <robimarko at gmail.com>
---
.../hostapd/patches/701-reload_config_inline.patch | 37 +++++++++++++++++++++-
1 file changed, 36 insertions(+), 1 deletion(-)
diff --git a/package/network/services/hostapd/patches/701-reload_config_inline.patch b/package/network/services/hostapd/patches/701-reload_config_inline.patch
index 9c142d1ab6..236337979a 100644
--- a/package/network/services/hostapd/patches/701-reload_config_inline.patch
+++ b/package/network/services/hostapd/patches/701-reload_config_inline.patch
@@ -8,7 +8,7 @@ as adding/removing interfaces.
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -4981,7 +4981,12 @@ struct hostapd_config * hostapd_config_r
+@@ -4981,7 +4981,14 @@ struct hostapd_config * hostapd_config_r
int errors = 0;
size_t i;
@@ -19,6 +19,8 @@ as adding/removing interfaces.
+ } else {
+ f = fopen(fname, "r");
+ }
++ wpa_printf(MSG_INFO, "Configuration file: Reading configuration file '%s'",
++ fname);
if (f == NULL) {
wpa_printf(MSG_ERROR, "Could not open configuration file '%s' "
"for reading.", fname);
@@ -39,3 +41,36 @@ as adding/removing interfaces.
if (f == NULL) {
wpa_printf(MSG_ERROR, "Failed to open config file '%s', "
"error: %s", name, strerror(errno));
+--- a/hostapd/main.c
++++ b/hostapd/main.c
+@@ -406,7 +406,11 @@ hostapd_interface_init(struct hapd_inter
+ struct hostapd_iface *iface;
+ int k;
+
+- wpa_printf(MSG_DEBUG, "Configuration file: %s", config_fname);
++ if (!strncmp(config_fname, "data:", 5)) {
++ wpa_printf(MSG_DEBUG, "Configuration file: %s", "<inline>");
++ } else {
++ wpa_printf(MSG_DEBUG, "Configuration file: %s", config_fname);
++ }
+ iface = hostapd_init(interfaces, config_fname);
+ if (!iface)
+ return NULL;
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -3380,8 +3380,13 @@ hostapd_interface_init_bss(struct hapd_i
+ }
+ }
+
+- wpa_printf(MSG_INFO, "Configuration file: %s (phy %s)%s",
+- config_fname, phy, iface ? "" : " --> new PHY");
++ if (!strncmp(config_fname, "data:", 5)) {
++ wpa_printf(MSG_INFO, "Configuration file: %s (phy %s)%s",
++ "<inline>", phy, iface ? "" : " --> new PHY");
++ } else {
++ wpa_printf(MSG_INFO, "Configuration file: %s (phy %s)%s",
++ config_fname, phy, iface ? "" : " --> new PHY");
++ }
+
+ conf = interfaces->config_read_cb(config_fname);
+ if (!conf)
More information about the lede-commits
mailing list