wireless-ap: Check that secret has the correct length and no invalid characters
authorMichael Tremer <michael.tremer@ipfire.org>
Sat, 30 Mar 2019 17:14:07 +0000 (18:14 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 30 Mar 2019 17:14:07 +0000 (18:14 +0100)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/functions/functions.util
src/functions/functions.wireless
src/hooks/ports/wireless-ap

index 4c1dbb4..7379a98 100644 (file)
@@ -745,6 +745,19 @@ contains_spaces() {
        return ${EXIT_FALSE}
 }
 
+contains_non_ascii_characters() {
+       local value="$@"
+
+       # Strip away all ASCII characters
+       local non_ascii="${value//[[:ascii:]]/}"
+
+       if isset non_ascii; then
+               return ${EXIT_TRUE}
+       fi
+
+       return ${EXIT_FALSE}
+}
+
 string_match() {
        local match=${1}
        local string=${2}
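Review bot: The new `contains_non_ascii_characters` has no comment saying that control characters (tab, newline, DEL) count as ASCII, so they are stripped by `[[:ascii:]]` and the function returns `${EXIT_FALSE}` for them. A caller that reads the name as "printable text only" will be misled; a header comment such as `# Returns EXIT_TRUE if the value contains any character outside 7-bit ASCII; control characters are NOT rejected` would make the contract explicit. As a style point, `local value="$@"` assigns an argument list to a scalar; `local value="$*"` states the join intent directly and behaves the same here.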
index 12204c0..733a356 100644 (file)
@@ -397,24 +397,23 @@ wireless_set_channel() {
 }
 
 wireless_pre_shared_key_is_valid() {
-       local encryption_mode="${1}"
-       local psk="${2}"
+       local psk="${1}"
 
        # Length of the PSK
        local l="${#psk}"
 
-       case "${encryption_mode}" in
-               # For WPA*, the key must be between 8 and 63 chars
-               WPA2-PSK|WPA2-PSK-SHA256|WPA-PSK|WPA-PSK-SHA256)
-                       if [ ${l} -ge 8 ] && [ ${l} -le 63 ]; then
-                               return ${EXIT_TRUE}
-                       fi
+       # For WPA*, the key must be between 8 and 63 chars
+       if [ ${l} -lt 8 ] || [ ${l} -gt 63 ]; then
+               return ${EXIT_FALSE}
+       fi
 
-                       return ${EXIT_FALSE}
-                       ;;
-       esac
+       # Can only contain ASCII chararcters
+       if contains_non_ascii_characters "${psk}"; then
+               return ${EXIT_FALSE}
+       fi
 
-       return ${EXIT_ERROR}
+       # Seems OK
+       return ${EXIT_TRUE}
 }
 
 wireless_client_is_connected() {
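Review bot: The ASCII check in `wireless_pre_shared_key_is_valid` still accepts control characters such as newline, tab or DEL, whereas a WPA passphrase is defined as 8 to 63 printable ASCII characters. Where the secret is written afterwards is not visible in this diff, but if it ends up in a line-oriented configuration file, an embedded newline would be a problem. Adding `if [[ "${psk}" == *[[:cntrl:]]* ]]; then return ${EXIT_FALSE}; fi` after the ASCII check would close that gap. Separately, the function no longer takes the encryption mode as its first argument, so any caller outside the three files touched here that still passes two arguments would now validate the mode string instead of the key; it is worth grepping for remaining call sites.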
index 2528585..26e14d6 100644 (file)
@@ -156,9 +156,17 @@ hook_parse_cmdline() {
        fi
 
        # Check if SECRET is set when WPA* is enabled
-       if ! isset SECRET && (enabled WPA3_PERSONAL || enabled WPA2_PERSONAL); then
-               error "Secret is not set when PSK authentication is enabled"
-               return ${EXIT_ERROR}
+       if enabled WPA3_PERSONAL || enabled WPA2_PERSONAL; then
+               if ! isset SECRET; then
+                       error "Secret is not set when PSK authentication is enabled"
+                       return ${EXIT_ERROR}
+               fi
+
+               # Check if SECRET is valid
+               if ! wireless_pre_shared_key_is_valid "${SECRET}"; then
+                       error "The secret is in an invalid format"
+                       return ${EXIT_ERROR}
+               fi
        fi
 
        # Save address of phy do identify it again
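Review bot: The new error message `"The secret is in an invalid format"` does not tell the operator which rule was violated, so they have to read the source to learn the constraints. Stating the requirement avoids that, for example `error "The secret must be 8 to 63 ASCII characters long"`, and keeping the secret itself out of the message (as the code already does) is correct. The same length and character rule is applied to both `WPA3_PERSONAL` and `WPA2_PERSONAL`; if SAE passwords are meant to follow different limits, that should be documented in the comment above the check. `hook_parse_cmdline` starts and ends outside this hunk, so it cannot be seen here whether secrets loaded from an existing configuration are validated as well.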