jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

wpa_cli: Improve sensitive command detection for readline history

Browse source 
I had added flags to the every command description: just now the only
meaningful flag tells that this command has sensitive arguments and it
shouldn't be written to the disk.  I rewrote the logics for the search
for the sensitive commands: special procedure is now loops over all
commands and tries to see if command has sensitive data. [Bug 289]

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
This commit is contained in:
Eygene Ryabinkin 2009-01-05 21:05:05 +02:00 committed by Jouni Malinen
parent 413653e839
commit 40fd868c09
1 changed files with 125 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

176
wpa_supplicant/wpa_cli.c
View file

@ -1127,63 +1127,139 @@ static int wpa_cli_cmd_interface_list(struct wpa_ctrl *ctrl, int argc,
} }
enum wpa_cli_cmd_flags {
cli_cmd_flag_none = 0x00,
cli_cmd_flag_sensitive = 0x01
};
struct wpa_cli_cmd { struct wpa_cli_cmd {
const char *cmd; const char *cmd;
int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]); int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]);
enum wpa_cli_cmd_flags flags;
}; };
static struct wpa_cli_cmd wpa_cli_commands[] = { static struct wpa_cli_cmd wpa_cli_commands[] = {
{ "status", wpa_cli_cmd_status }, { "status", wpa_cli_cmd_status,
{ "ping", wpa_cli_cmd_ping }, cli_cmd_flag_none },
{ "mib", wpa_cli_cmd_mib }, { "ping", wpa_cli_cmd_ping,
{ "help", wpa_cli_cmd_help }, cli_cmd_flag_none },
{ "interface", wpa_cli_cmd_interface }, { "mib", wpa_cli_cmd_mib,
{ "level", wpa_cli_cmd_level }, cli_cmd_flag_none },
{ "license", wpa_cli_cmd_license }, { "help", wpa_cli_cmd_help,
{ "quit", wpa_cli_cmd_quit }, cli_cmd_flag_none },
{ "set", wpa_cli_cmd_set }, { "interface", wpa_cli_cmd_interface,
{ "logon", wpa_cli_cmd_logon }, cli_cmd_flag_none },
{ "logoff", wpa_cli_cmd_logoff }, { "level", wpa_cli_cmd_level,
{ "pmksa", wpa_cli_cmd_pmksa }, cli_cmd_flag_none },
{ "reassociate", wpa_cli_cmd_reassociate }, { "license", wpa_cli_cmd_license,
{ "preauthenticate", wpa_cli_cmd_preauthenticate }, cli_cmd_flag_none },
{ "identity", wpa_cli_cmd_identity }, { "quit", wpa_cli_cmd_quit,
{ "password", wpa_cli_cmd_password }, cli_cmd_flag_none },
{ "new_password", wpa_cli_cmd_new_password }, { "set", wpa_cli_cmd_set,
{ "pin", wpa_cli_cmd_pin }, cli_cmd_flag_none },
{ "otp", wpa_cli_cmd_otp }, { "logon", wpa_cli_cmd_logon,
{ "passphrase", wpa_cli_cmd_passphrase }, cli_cmd_flag_none },
{ "bssid", wpa_cli_cmd_bssid }, { "logoff", wpa_cli_cmd_logoff,
{ "list_networks", wpa_cli_cmd_list_networks }, cli_cmd_flag_none },
{ "select_network", wpa_cli_cmd_select_network }, { "pmksa", wpa_cli_cmd_pmksa,
{ "enable_network", wpa_cli_cmd_enable_network }, cli_cmd_flag_none },
{ "disable_network", wpa_cli_cmd_disable_network }, { "reassociate", wpa_cli_cmd_reassociate,
{ "add_network", wpa_cli_cmd_add_network }, cli_cmd_flag_none },
{ "remove_network", wpa_cli_cmd_remove_network }, { "preauthenticate", wpa_cli_cmd_preauthenticate,
{ "set_network", wpa_cli_cmd_set_network }, cli_cmd_flag_none },
{ "get_network", wpa_cli_cmd_get_network }, { "identity", wpa_cli_cmd_identity,
{ "save_config", wpa_cli_cmd_save_config }, cli_cmd_flag_none },
{ "disconnect", wpa_cli_cmd_disconnect }, { "password", wpa_cli_cmd_password,
{ "reconnect", wpa_cli_cmd_reconnect }, cli_cmd_flag_sensitive },
{ "scan", wpa_cli_cmd_scan }, { "new_password", wpa_cli_cmd_new_password,
{ "scan_results", wpa_cli_cmd_scan_results }, cli_cmd_flag_sensitive },
{ "bss", wpa_cli_cmd_bss }, { "pin", wpa_cli_cmd_pin,
{ "get_capability", wpa_cli_cmd_get_capability }, cli_cmd_flag_sensitive },
{ "reconfigure", wpa_cli_cmd_reconfigure }, { "otp", wpa_cli_cmd_otp,
{ "terminate", wpa_cli_cmd_terminate }, cli_cmd_flag_sensitive },
{ "interface_add", wpa_cli_cmd_interface_add }, { "passphrase", wpa_cli_cmd_passphrase,
{ "interface_remove", wpa_cli_cmd_interface_remove }, cli_cmd_flag_sensitive },
{ "interface_list", wpa_cli_cmd_interface_list }, { "bssid", wpa_cli_cmd_bssid,
{ "ap_scan", wpa_cli_cmd_ap_scan }, cli_cmd_flag_none },
{ "stkstart", wpa_cli_cmd_stkstart }, { "list_networks", wpa_cli_cmd_list_networks,
{ "ft_ds", wpa_cli_cmd_ft_ds }, cli_cmd_flag_none },
{ "wps_pbc", wpa_cli_cmd_wps_pbc }, { "select_network", wpa_cli_cmd_select_network,
{ "wps_pin", wpa_cli_cmd_wps_pin }, cli_cmd_flag_none },
{ "wps_reg", wpa_cli_cmd_wps_reg }, { "enable_network", wpa_cli_cmd_enable_network,
{ NULL, NULL } cli_cmd_flag_none },
{ "disable_network", wpa_cli_cmd_disable_network,
cli_cmd_flag_none },
{ "add_network", wpa_cli_cmd_add_network,
cli_cmd_flag_none },
{ "remove_network", wpa_cli_cmd_remove_network,
cli_cmd_flag_none },
{ "set_network", wpa_cli_cmd_set_network,
cli_cmd_flag_sensitive },
{ "get_network", wpa_cli_cmd_get_network,
cli_cmd_flag_none },
{ "save_config", wpa_cli_cmd_save_config,
cli_cmd_flag_none },
{ "disconnect", wpa_cli_cmd_disconnect,
cli_cmd_flag_none },
{ "reconnect", wpa_cli_cmd_reconnect,
cli_cmd_flag_none },
{ "scan", wpa_cli_cmd_scan,
cli_cmd_flag_none },
{ "scan_results", wpa_cli_cmd_scan_results,
cli_cmd_flag_none },
{ "bss", wpa_cli_cmd_bss,
cli_cmd_flag_none },
{ "get_capability", wpa_cli_cmd_get_capability,
cli_cmd_flag_none },
{ "reconfigure", wpa_cli_cmd_reconfigure,
cli_cmd_flag_none },
{ "terminate", wpa_cli_cmd_terminate,
cli_cmd_flag_none },
{ "interface_add", wpa_cli_cmd_interface_add,
cli_cmd_flag_none },
{ "interface_remove", wpa_cli_cmd_interface_remove,
cli_cmd_flag_none },
{ "interface_list", wpa_cli_cmd_interface_list,
cli_cmd_flag_none },
{ "ap_scan", wpa_cli_cmd_ap_scan,
cli_cmd_flag_none },
{ "stkstart", wpa_cli_cmd_stkstart,
cli_cmd_flag_none },
{ "ft_ds", wpa_cli_cmd_ft_ds,
cli_cmd_flag_none },
{ "wps_pbc", wpa_cli_cmd_wps_pbc,
cli_cmd_flag_none },
{ "wps_pin", wpa_cli_cmd_wps_pin,
cli_cmd_flag_sensitive },
{ "wps_reg", wpa_cli_cmd_wps_reg,
cli_cmd_flag_sensitive },
{ NULL, NULL, cli_cmd_flag_none }
}; };
#ifdef CONFIG_READLINE
static int cmd_has_sensitive_data(const char *cmd)
{
const char *c, *delim;
int n;
size_t len;
delim = os_strchr(cmd, ' ');
if (delim)
len = delim - cmd;
else
len = os_strlen(cmd);
for (n = 0; (c = wpa_cli_commands[n].cmd); n++) {
if (os_strncasecmp(cmd, c, len) == 0 && len == os_strlen(c))
return (wpa_cli_commands[n].flags &
cli_cmd_flag_sensitive);
}
return 0;
}
#endif /* CONFIG_READLINE */
static int wpa_request(struct wpa_ctrl *ctrl, int argc, char *argv[]) static int wpa_request(struct wpa_ctrl *ctrl, int argc, char *argv[])
{ {
struct wpa_cli_cmd *cmd, *match = NULL; struct wpa_cli_cmd *cmd, *match = NULL;
@ -1523,9 +1599,7 @@ static void wpa_cli_interactive(void)
char *p = h->line; char *p = h->line;
while (*p == ' ' || *p == '\t') while (*p == ' ' || *p == '\t')
p++; p++;
if (os_strncasecmp(p, "pa", 2) == 0 || if (cmd_has_sensitive_data(p)) {
os_strncasecmp(p, "o", 1) == 0 ||
os_strncasecmp(p, "n", 1) == 0) {
h = remove_history(where_history()); h = remove_history(where_history());
if (h) { if (h) {
os_free(h->line); os_free(h->line);