From 1ce37105da371c8b9cf3f349f78f5aac77d40836 Mon Sep 17 00:00:00 2001 From: Joshua Manchester Date: Tue, 21 Jan 2025 19:38:47 +0000 Subject: [PATCH] ext_password_file: Ensure full key match with password file entries When searching for a matching key in the external password file, strings were only compared up to the length of the key in the file. This meant searching for key "foo" could retrieve the incorrect password if keys "f" or "fo" were defined earlier in the file. Signed-off-by: Joshua Manchester --- src/utils/ext_password_file.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/utils/ext_password_file.c b/src/utils/ext_password_file.c index 312251263..158500ced 100644 --- a/src/utils/ext_password_file.c +++ b/src/utils/ext_password_file.c @@ -83,6 +83,7 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name) struct ext_password_file_data *data = ctx; struct wpabuf *password = NULL; char buf[512], *pos; + size_t name_len; int line = 0; FILE *f; @@ -94,6 +95,8 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name) return NULL; } + name_len = os_strlen(name); + wpa_printf(MSG_DEBUG, "EXT PW FILE: get(%s)", name); while ((pos = fgets(buf, sizeof(buf), f))) { @@ -121,7 +124,8 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name) } - if (os_strncmp(name, pos, sep - pos) != 0) + if (name_len != (size_t) (sep - pos) || + os_strncmp(name, pos, sep - pos) != 0) continue; password = wpabuf_alloc_copy(sep + 1, os_strlen(sep + 1)); -- 2.47.2