Update password check for WAPI
Do not allow arbitrarily large passwords.
Bug: 275339978
Test: compile
(cherry picked from commit 38707fb4ff1405663cc24affc95244f4cc830499)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:9c914b0be9b553164b343ca981b5d57e163a4574)
Merged-In: I15f3aff373af56c253a50c308d886a7acf661e59
Change-Id: I15f3aff373af56c253a50c308d886a7acf661e59
(cherry picked from commit 88d536105770e6c7aef14ff53534ffaf72e29e0e)
diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
index 6e8eb61..11eb0c4 100644
--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java
+++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
@@ -445,7 +445,8 @@
return true;
}
- private static boolean validatePassword(String password, boolean isAdd, boolean isSae) {
+ private static boolean validatePassword(String password, boolean isAdd, boolean isSae,
+ boolean isWapi) {
if (isAdd) {
if (password == null) {
Log.e(TAG, "validatePassword: null string");
@@ -487,7 +488,14 @@
}
} else {
// HEX PSK string
- if (password.length() != PSK_SAE_HEX_LEN) {
+ if (isWapi) {
+ // Protect system against malicious actors injecting arbitrarily large passwords.
+ if (password.length() > 100) {
+ Log.e(TAG, "validatePassword failed: WAPI hex string too long: "
+ + password.length());
+ return false;
+ }
+ } else if (password.length() != PSK_SAE_HEX_LEN) {
Log.e(TAG, "validatePassword failed: hex string size mismatch: "
+ password.length());
return false;
@@ -689,15 +697,15 @@
return false;
}
if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_PSK)
- && !validatePassword(config.preSharedKey, isAdd, false)) {
+ && !validatePassword(config.preSharedKey, isAdd, false, false)) {
return false;
}
if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_SAE)
- && !validatePassword(config.preSharedKey, isAdd, true)) {
+ && !validatePassword(config.preSharedKey, isAdd, true, false)) {
return false;
}
if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_WAPI_PSK)
- && !validatePassword(config.preSharedKey, isAdd, false)) {
+ && !validatePassword(config.preSharedKey, isAdd, false, true)) {
return false;
}
if (!validateEnterpriseConfig(config, isAdd)) {
@@ -846,11 +854,11 @@
return false;
}
if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_PSK)
- && !validatePassword(config.preSharedKey, true, false)) {
+ && !validatePassword(config.preSharedKey, true, false, false)) {
return false;
}
if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_SAE)
- && !validatePassword(config.preSharedKey, true, true)) {
+ && !validatePassword(config.preSharedKey, true, true, false)) {
return false;
}
// TBD: Validate some enterprise params as well in the future here.
diff --git a/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java b/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
index b497bb5..af9b08b 100644
--- a/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
+++ b/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
@@ -433,7 +433,8 @@
WifiConfiguration config = WifiConfigurationTestUtil.createWapiPskNetwork();
assertTrue(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD));
- config.preSharedKey = "abcd123456788990013453445345465465476546";
+ config.preSharedKey = "01234567890123456789012345678901234567890123456789012345678901234567"
+ + "890123456789012345678901234567890";
assertFalse(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD));
config.preSharedKey = "";
assertFalse(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD));