[PATCHv2] Return with error when trying to set invalid WEP key length

Jouni Malinen j at w1.fi
Thu Sep 22 13:17:52 PDT 2016 

On Wed, Sep 21, 2016 at 04:03:47PM +0530, Saurav Babu wrote:
> While trying to set WEP key an invalid key length can be set, but
> set command returns "OK". User is unable to know about the invalid WEP
> key length. This patch returns "FAIL" so that user can correct WEP key.
> 
> Signed-off-by: Saurav Babu <saurav.babu at samsung.com>
> 
> v2: Check invalid WEP key length before wpa_config_set() so that existing
> functionality of wpa_supplicant to start with configuration file remains
> unaffected.

> diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
> @@ -2991,7 +2991,16 @@ static int wpa_supplicant_ctrl_iface_update_network(

> +	if (os_strstr(name, "wep_key") != NULL) {

Looking for a substring is not really very robust here. This extra check
should really only apply for the specific four variables that are used
to set a WEP key.

> +		/* value is in "" so subtract 2 from length */
> +		len = os_strlen(value) - 2;
> +		if (len != 5 && len != 13 && len != 16) {

This assumption is not accurate. wep_key# value can use any supporting
"string" format. In other words, hexdump of the raw value and the P"<printf
format>" option could also be used. This check would break those cases.

This would need to use wpa_config_parse_string() to figure out the exact
length if the check were to be done here. Or likely even better would be
to use wpa_config_parse_wep_key() so that there would be no need to
duplicate the list of allowed lengths. That function would obviously
need to be modified to allow the two different behaviors for the invalid
WEP key length (allow current behavior for configuration file reading
and option to reject the value for SET_NETWORK).

That said, I'm not really sure the extra complexity is justifiable now
that it becomes clearer what type of changes would be needed. What is
the use case that you are thinking of for this check? What is entering
the incorrectly formatted WEP key? Wouldn't it be cleaner to check for
validity at the component that allows the key to be entered in the first
place?

-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list