Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Wi-Fi Provisioning : Bugfix in copying SSID and Passphrase

Browse source 
These changes guarantee that the SSID and Passphrase received via protocomm are NULL terminated and size limited to their standard lengths.

List of changes:
* Corrected length of passphrase field in wifi_prov_config_set_data_t structure
* Performing length checks on SSID, passphrase and bssid, when populating wifi_prov_config_set_data_t structure with received credentials
This commit is contained in:
Anurag Kar 2019-06-10 17:49:30 +05:30 committed by bot
parent 3b2e231ae3
commit 933674301f
2 changed files with 32 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
components/wifi_provisioning/include/wifi_provisioning/wifi_config.h
View file

@ -76,7 +76,7 @@ typedef struct {
*/
typedef struct {
char ssid[33]; /*!< SSID of the AP to which the slave is to be connected */
char password[65]; /*!< Password of the AP */
char password[64]; /*!< Password of the AP */
char bssid[6]; /*!< BSSID of the AP */
uint8_t channel; /*!< Channel of the AP */
} wifi_prov_config_set_data_t;

41
components/wifi_provisioning/src/wifi_config.c
View file

@ -151,15 +151,36 @@ static esp_err_t cmd_set_config_handler(WiFiConfigPayload *req,
wifi_prov_config_set_data_t req_data;
memset(&req_data, 0, sizeof(req_data));
memcpy(req_data.ssid, req->cmd_set_config->ssid.data,
req->cmd_set_config->ssid.len);
memcpy(req_data.password, req->cmd_set_config->passphrase.data,
req->cmd_set_config->passphrase.len);
memcpy(req_data.bssid, req->cmd_set_config->bssid.data,
req->cmd_set_config->bssid.len);
req_data.channel = req->cmd_set_config->channel;
if (h->set_config_handler(&req_data, &h->ctx) == ESP_OK) {
resp_payload->status = STATUS__Success;
/* Check arguments provided in protobuf packet:
* - SSID / Passphrase string length must be within the standard limits
* - BSSID must either be NULL or have length equal to that imposed by the standard
* If any of these conditions are not satisfied, don't invoke the handler and
* send error status without closing connection */
resp_payload->status = STATUS__InvalidArgument;
if (req->cmd_set_config->bssid.len != 0 &&
req->cmd_set_config->bssid.len != sizeof(req_data.bssid)) {
ESP_LOGD(TAG, "Received invalid BSSID");
} else if (req->cmd_set_config->ssid.len >= sizeof(req_data.ssid)) {
ESP_LOGD(TAG, "Received invalid SSID");
} else if (req->cmd_set_config->passphrase.len >= sizeof(req_data.password)) {
ESP_LOGD(TAG, "Received invalid Passphrase");
} else {
/* The received SSID and Passphrase are not NULL terminated so
* we memcpy over zeroed out arrays. Above length checks ensure
* that there is atleast 1 extra byte for null termination */
memcpy(req_data.ssid, req->cmd_set_config->ssid.data,
req->cmd_set_config->ssid.len);
memcpy(req_data.password, req->cmd_set_config->passphrase.data,
req->cmd_set_config->passphrase.len);
memcpy(req_data.bssid, req->cmd_set_config->bssid.data,
req->cmd_set_config->bssid.len);
req_data.channel = req->cmd_set_config->channel;
if (h->set_config_handler(&req_data, &h->ctx) == ESP_OK) {
resp_payload->status = STATUS__Success;
} else {
resp_payload->status = STATUS__InternalError;
}
}
resp->payload_case = WI_FI_CONFIG_PAYLOAD__PAYLOAD_RESP_SET_CONFIG;
@ -188,7 +209,7 @@ static esp_err_t cmd_apply_config_handler(WiFiConfigPayload *req,
if (h->apply_config_handler(&h->ctx) == ESP_OK) {
resp_payload->status = STATUS__Success;
} else {
resp_payload->status = STATUS__InvalidArgument;
resp_payload->status = STATUS__InternalError;
}
resp->payload_case = WI_FI_CONFIG_PAYLOAD__PAYLOAD_RESP_APPLY_CONFIG;