NetBSD Problem Report #23948
Received: (qmail 5844 invoked by uid 605); 2 Jan 2004 13:17:19 -0000
Message-Id: <20040102131635.E68BE3CC7@string1.ciencias.uniovi.es>
Date: Fri, 02 Jan 2004 14:16:35 +0100
From: sobrado@acm.org
Sender: gnats-bugs-owner@NetBSD.org
Reply-To: sobrado@acm.org
To: gnats-bugs@gnats.netbsd.org
Subject: wiconfig(8) accepts too large encryption keys
X-Send-Pr-Version: 3.95
>Number: 23948
>Category: bin
>Synopsis: wiconfig(8) accepts too large encryption keys
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jan 02 13:18:00 +0000 2004
>Closed-Date:
>Last-Modified: Sun Apr 30 10:44:07 +0000 2006
>Originator: Igor Sobrado
>Release: NetBSD 1.6.1
>Organization:
University of Oviedo
>Environment:
standard, unmodified, GENERIC-LAPTOP kernel.
Architecture: i386
Machine: i386
>Description:
wiconfig(8) accepts keys up to 112-bit length. Those are non-standard
keys that should not be used (is there a device that manages those
keys except 256-bit WEP ones?).
Another improvements that should be considered:
1. Accepting only 40-bit and 104-bit key lengths. Currently
wiconfig(8) accepts any encryption key with a length up to
112-bits (104-bit length once fixed). For example, 0xabcde
should not be a valid key (it is a 20-bit length key).
2. Hex encryption keys should use only chars in 0-9 and a-f/A-F.
Currently, wiconfig(8) replaces other chars in hex encryption
keys with zeroes (e.g., 0xabcdzf -> 0xabcd0f). Perhaps
those non-hex keys should be rejected or managed as ASCII keys.
It is up to the NetBSD team to decide the right behaviour.
I am not sure about the status in -current. Looks like wiconfig(8)
has changed a lot. But this patch should be useful for 1.6.1 at
least (other advices can be applied to -current, I thought.).
>How-To-Repeat:
Setting up a 14-char (112-bit) length key... when setting a
longer key, wiconfig(8) complains about setting up a key
greater than 14 chars!
>Fix:
--- wiconfig.c Fri Jan 2 12:31:51 2004
+++ wiconfig.c.proposed Fri Jan 2 12:32:41 2004
@@ -502,13 +502,13 @@
keys = (struct wi_ltv_keys *)&wreq;
if (key[0] == '0' && (key[1] == 'x' || key[1] == 'X')) {
- if (strlen(key) > 30)
+ if (strlen(key) > 28)
err(1, "encryption key must be no "
- "more than 28 hex digits long");
+ "more than 26 hex digits long");
} else {
- if (strlen(key) > 14)
+ if (strlen(key) > 13)
err(1, "encryption key must be no "
- "more than 14 characters long");
+ "more than 13 characters long");
}
if (idx > 3)
>Release-Note:
>Audit-Trail:
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.