DO NOT MERGE: Update password check for WAPI

Do not allow arbitrarily large passwords. Bug: 275339978 Test: compile Change-Id: Ic997738f59b8959852856417a87634638bb3f025
author: Nate(Qiang) Jiang <qiangjiang@google.com> 2023-07-21 21:21:03 +0000
committer: Nate(Qiang) Jiang <qiangjiang@google.com> 2023-07-21 21:25:46 +0000
commit: 46efe748622b396e93a75b8db5de8fd1a2fe9dda (patch)
tree: 1273ff49928b07194f0ca71bde0075c87efd2eeb
parent: 8994190bc4f6775226d4381223b680416bcf7095 (diff)
download: wifi-46efe748622b396e93a75b8db5de8fd1a2fe9dda.tar.gz
2 files changed, 17 insertions, 9 deletions
diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
index 7273da333..ffa9facf5 100644
--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java
+++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
@@ -413,7 +413,8 @@ public class WifiConfigurationUtil {
         return true;
     }
 
-    private static boolean validatePassword(String password, boolean isAdd, boolean isSae) {
+    private static boolean validatePassword(String password, boolean isAdd, boolean isSae,
+            boolean isWapi) {
         if (isAdd) {
             if (password == null) {
                 Log.e(TAG, "validatePassword: null string");
@@ -454,8 +455,14 @@ public class WifiConfigurationUtil {
                 return false;
             }
         } else {
-            // HEX PSK string
-            if (password.length() != PSK_SAE_HEX_LEN) {
+            if (isWapi) {
+                // Protect system against malicious actors injecting arbitrarily large passwords.
+                if (password.length() > 100) {
+                    Log.e(TAG, "validatePassword failed: WAPI hex string too long: "
+                            + password.length());
+                    return false;
+                }
+            } else if (password.length() != PSK_SAE_HEX_LEN) {
                 Log.e(TAG, "validatePassword failed: hex string size mismatch: "
                         + password.length());
                 return false;
@@ -600,11 +607,11 @@ public class WifiConfigurationUtil {
             return false;
         }
         if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WPA_PSK)
-                && !validatePassword(config.preSharedKey, isAdd, false)) {
+                && !validatePassword(config.preSharedKey, isAdd, false, false)) {
             return false;
         }
         if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WAPI_PSK)
-                && !validatePassword(config.preSharedKey, isAdd, false)) {
+                && !validatePassword(config.preSharedKey, isAdd, false, true)) {
             return false;
         }
         if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.OWE)) {
@@ -620,7 +627,7 @@ public class WifiConfigurationUtil {
                 Log.e(TAG, "PMF must be enabled for SAE networks");
                 return false;
             }
-            if (!validatePassword(config.preSharedKey, isAdd, true)) {
+            if (!validatePassword(config.preSharedKey, isAdd, true, false)) {
                 return false;
             }
         }
@@ -765,7 +772,7 @@ public class WifiConfigurationUtil {
             return false;
         }
         if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WPA_PSK)
-                && !validatePassword(config.preSharedKey, true, false)) {
+                && !validatePassword(config.preSharedKey, true, false, false)) {
             return false;
         }
         if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.OWE)) {
@@ -779,7 +786,7 @@ public class WifiConfigurationUtil {
             if (!config.requirePmf) {
                 return false;
             }
-            if (!validatePassword(config.preSharedKey, true, true)) {
+            if (!validatePassword(config.preSharedKey, true, true, false)) {
                 return false;
             }
         }
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
index 2bf35a7d0..853918a02 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
@@ -410,7 +410,8 @@ public class WifiConfigurationUtilTest extends WifiBaseTest {
         WifiConfiguration config = WifiConfigurationTestUtil.createWapiPskNetwork();
         assertTrue(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD));
 
-        config.preSharedKey = "abcd123456788990013453445345465465476546";
+        config.preSharedKey = "01234567890123456789012345678901234567890123456789012345678901234567"
+                + "890123456789012345678901234567890";
         assertFalse(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD));
         config.preSharedKey = "";
         assertFalse(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD));
author	Nate(Qiang) Jiang <qiangjiang@google.com>	2023-07-21 21:21:03 +0000
committer	Nate(Qiang) Jiang <qiangjiang@google.com>	2023-07-21 21:25:46 +0000
commit	46efe748622b396e93a75b8db5de8fd1a2fe9dda (patch)
tree	1273ff49928b07194f0ca71bde0075c87efd2eeb
parent	8994190bc4f6775226d4381223b680416bcf7095 (diff)
download	wifi-46efe748622b396e93a75b8db5de8fd1a2fe9dda.tar.gz