On Mon, Dec 05, 2016 at 10:17:55AM +0000, Michael Vogt wrote: > I was playing around with wpa_passphrase and discovered, that newlines are not stripped away when using wpa_passphrase (similar like CVE-2016-4476?). So if someone uses wpa_passphrase to generate a configuration file a user might add arbitrary data to the configuration file, example: > > [root@linux ~]# wpa_passphrase "FOO > > BAR > > #" "PASS > > EAP=MD5 > > #” I don't see wpa_passphrase as a tool that would be used to generate a configuration file without direct user interaction in providing the passphrase and editing the configuration file, so in that sense, this looks quite different from CVE-2016-4476. Anyway, it sounds reasonable for wpa_passphrase to use same validation steps for the passphrase and reject the string if control characters are included, so I'll add that check there. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
