DO NOT MERGE: Update password check for WAPI

Do not allow arbitrarily large passwords. Bug: 275339978 Test: compile Change-Id: Ic997738f59b8959852856417a87634638bb3f025
author: Nate(Qiang) Jiang <qiangjiang@google.com> 2023-07-21 21:21:03 +0000
committer: Nate(Qiang) Jiang <qiangjiang@google.com> 2023-07-21 21:26:01 +0000
commit: 2cfaee8ef94211cdef61f407d953017e091c21d3 (patch)
tree: 1ca2938159473873727e6fc2c8897a24db4c2948
parent: 7edb516e85f3046424eb5ae41c9c10ece7fecc2f (diff)
download: wifi-2cfaee8ef94211cdef61f407d953017e091c21d3.tar.gz
2 files changed, 17 insertions, 9 deletions
diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
index b02dcc0c0..b12b8161f 100644
--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java
+++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
@@ -391,7 +391,8 @@ public class WifiConfigurationUtil {
         return true;
     }
 
-    private static boolean validatePassword(String password, boolean isAdd, boolean isSae) {
+    private static boolean validatePassword(String password, boolean isAdd, boolean isSae,
+            boolean isWapi) {
         if (isAdd) {
             if (password == null) {
                 Log.e(TAG, "validatePassword: null string");
@@ -432,8 +433,14 @@ public class WifiConfigurationUtil {
                 return false;
             }
         } else {
-            // HEX PSK string
-            if (password.length() != PSK_SAE_HEX_LEN) {
+            if (isWapi) {
+                // Protect system against malicious actors injecting arbitrarily large passwords.
+                if (password.length() > 100) {
+                    Log.e(TAG, "validatePassword failed: WAPI hex string too long: "
+                            + password.length());
+                    return false;
+                }
+            } else if (password.length() != PSK_SAE_HEX_LEN) {
                 Log.e(TAG, "validatePassword failed: hex string size mismatch: "
                         + password.length());
                 return false;
@@ -578,11 +585,11 @@ public class WifiConfigurationUtil {
             return false;
         }
         if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WPA_PSK)
-                && !validatePassword(config.preSharedKey, isAdd, false)) {
+                && !validatePassword(config.preSharedKey, isAdd, false, false)) {
             return false;
         }
         if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WAPI_PSK)
-                && !validatePassword(config.preSharedKey, isAdd, false)) {
+                && !validatePassword(config.preSharedKey, isAdd, false, true)) {
             return false;
         }
         if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.OWE)) {
@@ -598,7 +605,7 @@ public class WifiConfigurationUtil {
                 Log.e(TAG, "PMF must be enabled for SAE networks");
                 return false;
             }
-            if (!validatePassword(config.preSharedKey, isAdd, true)) {
+            if (!validatePassword(config.preSharedKey, isAdd, true, false)) {
                 return false;
             }
         }
@@ -743,7 +750,7 @@ public class WifiConfigurationUtil {
             return false;
         }
         if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WPA_PSK)
-                && !validatePassword(config.preSharedKey, true, false)) {
+                && !validatePassword(config.preSharedKey, true, false, false)) {
             return false;
         }
         if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.OWE)) {
@@ -757,7 +764,7 @@ public class WifiConfigurationUtil {
             if (!config.requirePmf) {
                 return false;
             }
-            if (!validatePassword(config.preSharedKey, true, true)) {
+            if (!validatePassword(config.preSharedKey, true, true, false)) {
                 return false;
             }
         }
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
index fb8ada1e0..d1000fe9f 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
@@ -407,7 +407,8 @@ public class WifiConfigurationUtilTest extends WifiBaseTest {
         WifiConfiguration config = WifiConfigurationTestUtil.createWapiPskNetwork();
         assertTrue(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD));
 
-        config.preSharedKey = "abcd123456788990013453445345465465476546";
+        config.preSharedKey = "01234567890123456789012345678901234567890123456789012345678901234567"
+                + "890123456789012345678901234567890";
         assertFalse(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD));
         config.preSharedKey = "";
         assertFalse(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD));
author	Nate(Qiang) Jiang <qiangjiang@google.com>	2023-07-21 21:21:03 +0000
committer	Nate(Qiang) Jiang <qiangjiang@google.com>	2023-07-21 21:26:01 +0000
commit	2cfaee8ef94211cdef61f407d953017e091c21d3 (patch)
tree	1ca2938159473873727e6fc2c8897a24db4c2948
parent	7edb516e85f3046424eb5ae41c9c10ece7fecc2f (diff)
download	wifi-2cfaee8ef94211cdef61f407d953017e091c21d3.tar.gz