[PATCH 1/2] ext_password_file: Ensure full key match with password file entries
Joshua Manchester
joshuamanchester4 at gmail.com
Tue Jan 21 11:38:47 PST 2025
When searching for a matching key in the external password file, strings
were only compared up to the length of the key in the file. This meant
searching for key "foo" could retrieve the incorrect password if keys
"f" or "fo" were defined earlier in the file.
Signed-off-by: Joshua Manchester <joshuamanchester4 at gmail.com>
---
src/utils/ext_password_file.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/utils/ext_password_file.c b/src/utils/ext_password_file.c
index 312251263..158500ced 100644
--- a/src/utils/ext_password_file.c
+++ b/src/utils/ext_password_file.c
@@ -83,6 +83,7 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name)
struct ext_password_file_data *data = ctx;
struct wpabuf *password = NULL;
char buf[512], *pos;
+ size_t name_len;
int line = 0;
FILE *f;
@@ -94,6 +95,8 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name)
return NULL;
}
+ name_len = os_strlen(name);
+
wpa_printf(MSG_DEBUG, "EXT PW FILE: get(%s)", name);
while ((pos = fgets(buf, sizeof(buf), f))) {
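Review bot: A line longer than the 512-byte `buf` is returned by `fgets(buf, sizeof(buf), f)` in pieces, and nothing visible in these hunks detects that, so the tail of an over-long entry would be parsed as a fresh `key=value` line. The exact-match fix does not cover that case, because the tail of a long password could still be looked up as a key. If the part of the loop outside this hunk does not already handle it, test for a missing line terminator after each read, for example `if (!os_strchr(buf, '\n') && !feof(f))`, then log the line number and discard the rest of that line before continuing. The loop body continues outside the hunk.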
@@ -121,7 +124,8 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name)
}
- if (os_strncmp(name, pos, sep - pos) != 0)
+ if (name_len != (size_t) (sep - pos) ||
+ os_strncmp(name, pos, sep - pos) != 0)
continue;
password = wpabuf_alloc_copy(sep + 1, os_strlen(sep + 1));
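Review bot: The new length test in the `if` is what makes the key match exact, but nothing says so, and a later cleanup could drop it as redundant. Add a comment above it such as `/* Require an exact key match; a prefix of name must not select another entry's password */`. Once the lengths are known to be equal, `os_memcmp(name, pos, name_len) != 0` would state the comparison more directly than `os_strncmp()` with `sep - pos`. The cast `(size_t) (sep - pos)` relies on `sep` pointing at or after `pos`, which presumably follows from how `sep` is found outside this hunk. The enclosing loop starts and ends outside the hunk.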
--
2.47.0