Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#222 closed defect (invalid)

webif: WEP validation too aggressive (includes patch)

Reported by: nmagedman@… Owned by: nbd
Priority: normal Milestone:
Component: packages Version: 1.0
Keywords: webif Cc:

Description

The WEP keys stored in the nvram variables wl0_key[1234] may contain 10 or 26 hex digits, or alternatively they may contain 5 or 13 ASCII chars. The validation routines in /usr/lib/webif/validate.awk are overly stringent and only permit hex-digit WEP keys, not ASCII keys.

$ diff -Naur RC4 patched
diff -Naur RC4/usr/lib/webif/validate.awk patched/usr/lib/webif/validate.awk
--- RC4/usr/lib/webif/validate.awk	2006-01-18 01:35:32.000000000 +0200
+++ patched/usr/lib/webif/validate.awk	2006-01-18 01:35:47.000000000 +0200
@@ -38,12 +38,12 @@
 
 $1 == "wep" {
 	valid_type = 1
-	if (value !~ /^[0-9A-Fa-f]*$/) {
+	if ((length(value) != 0) && (length(value) != 5) && (length(value) != 10) && (length(value) != 13) && (length(value) != 26)) {
 		valid = 0
-		verr = "Invalid value"
-	} else if ((length(value) != 0) && (length(value) != 10) && (length(value) != 26)) {
+		verr = "Invalid key length: Hex keys must be 10 or 26 hexdigits; Ascii keys must be 5 or 13 chars."
+	} else if (((length(value) == 10) || (length(value) == 26)) && (value !~ /^[0-9A-Fa-f]*$/)) {
 		valid = 0
-		verr = "Invalid key length"
+		verr = "Invalid key: Hex keys may only contain hexdigits (0-9,A-F,a-f)"
 	} else if (value ~ /0$/) {
 		valid = 0
 		verr = "key must not end with '0'"
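
Review bot: In the rewritten second branch the hex-digit regex runs only when the length is 10 or 26, so a value of length 5 or 13 is accepted with no character check at all. Consider a further branch for those two lengths that limits the value to printable ASCII, for example value !~ /^[ -~]*$/ as the failing condition. The unchanged branch value ~ /0$/ also still applies to every accepted value, so a 5- or 13-character ASCII key that ends in the character '0' is rejected with "key must not end with '0'"; if that rule is meant for hex keys only, gate it on length 10 or 26 as well.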

Change History (3)

comment:1 Changed 12 years ago by nbd

  • Owner changed from developers to nbd
  • Status changed from new to assigned

comment:2 Changed 12 years ago by nbd

  • Resolution set to fixed
  • Status changed from assigned to closed

Thanks for the patch. Added in [3011]

comment:3 Changed 12 years ago by mbm

  • Resolution changed from fixed to invalid

There's no standard on how to parse ASCII values as WEP keys; some devices just use the ASCII code directly while other devices use a hashing function. In short, it's better not to use ASCII values.

This is not an openwrt bug.
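
The ambiguity described in comment:3, as an added example that is not part of the ticket or of OpenWrt's code: it lists every key a device might derive from one value typed into a WEP key field. The function names are hypothetical, and the hashing scheme (MD5 over the text repeated to 64 bytes, first 13 bytes kept) is an assumption chosen for illustration, since the ticket does not name the function devices use.

```python
import hashlib
import string

HEX_LENGTHS = (10, 26)    # hex digits for 40-bit / 104-bit keys
ASCII_LENGTHS = (5, 13)   # characters for the same key sizes


def ascii_direct(text):
    """Reading 1: every character's ASCII code is one key byte."""
    return text.encode("ascii").hex()


def ascii_md5(text):
    """Reading 2 (assumed scheme): MD5 over the text repeated to 64 bytes,
    first 13 bytes kept as a 104-bit key."""
    data = text.encode("ascii")
    block = (data * 64)[:64]
    return hashlib.md5(block).hexdigest()[:26]


def readings(value):
    """Return {reading name: hex key} for a value typed into a WEP key field.

    One entry means every device agrees on the key; more than one means two
    devices configured with the same text can end up with different keys.
    """
    if len(value) in HEX_LENGTHS and all(c in string.hexdigits for c in value):
        return {"hex": value.lower()}
    if len(value) in ASCII_LENGTHS:
        out = {"ascii-direct": ascii_direct(value)}
        # Hashed generators for 40-bit keys exist too; this example only
        # covers the 13-character / 104-bit case.
        if len(value) == 13:
            out["ascii-md5"] = ascii_md5(value)
        return out
    raise ValueError("not a 10/26-digit hex key or a 5/13-character ASCII key")


if __name__ == "__main__":
    # Constructed sample values: the same 13 bytes entered as hex and as text.
    for sample in ("6162636465666768696a6b6c6d", "abcdefghijklm"):
        for name, key in readings(sample).items():
            print(f"{sample!r:30} {name:13} {key}")
```

Entering the key as hex gives a single reading, which is why storing and exchanging the hex form avoids the mismatch.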
