authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-08-10 17:12:56 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-08-10 17:12:56 +0000
commit478ccb672ca203a73684377e1fc489214b2383a2 (patch)
treef0b2ea9103380a2e6d91eec9894ae709d8e97956
parent6b9381791398debdab93c9a6055342bb395342bc (diff)
parent11353d6b61f108edfeacadda6102585badbdb4f2 (diff)
downloadwifi-android11-security-release.tar.gz
Merge cherrypicks of ['googleplex-android-review.googlesource.com/24167433'] into security-aosp-rvc-release.android-security-11.0.0_r76android-security-11.0.0_r75android-security-11.0.0_r74android-security-11.0.0_r73android-security-11.0.0_r72android11-security-release
Change-Id: I9b5a131d1f28171e1a3daf172ec0a6319aaef429
-rw-r--r--service/java/com/android/server/wifi/WifiConfigurationUtil.java23
-rw-r--r--tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java3
2 files changed, 17 insertions, 9 deletions
diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
index b02dcc0c0..b12b8161f 100644
--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java
+++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
@@ -391,7 +391,8 @@ public class WifiConfigurationUtil {
return true;
}
- private static boolean validatePassword(String password, boolean isAdd, boolean isSae) {
+ private static boolean validatePassword(String password, boolean isAdd, boolean isSae,
+ boolean isWapi) {
if (isAdd) {
if (password == null) {
Log.e(TAG, "validatePassword: null string");
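Review bot: The new `isWapi` parameter sits next to `isSae` as a second bare boolean, so call sites such as `validatePassword(config.preSharedKey, isAdd, false, true)` in the later hunks are easy to transpose, and the signature does not say what happens if both flags are true. A short Javadoc on `validatePassword` would help; as far as the visible hunks show, `isWapi` only replaces the exact hex-length check with an upper bound, and the Javadoc should say so. Argument comments at the five call sites, for example `/* isSae= */ false, /* isWapi= */ true`, would make a swapped flag visible in review. The method body continues outside this hunk.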
@@ -432,8 +433,14 @@ public class WifiConfigurationUtil {
return false;
}
} else {
- // HEX PSK string
- if (password.length() != PSK_SAE_HEX_LEN) {
+ if (isWapi) {
+ // Protect system against malicious actors injecting arbitrarily large passwords.
+ if (password.length() > 100) {
+ Log.e(TAG, "validatePassword failed: WAPI hex string too long: "
+ + password.length());
+ return false;
+ }
+ } else if (password.length() != PSK_SAE_HEX_LEN) {
Log.e(TAG, "validatePassword failed: hex string size mismatch: "
+ password.length());
return false;
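Review bot: The WAPI limit is the bare literal `100` in `if (password.length() > 100)`, while the sibling branch compares against the named `PSK_SAE_HEX_LEN`. A named constant such as `private static final int WAPI_PSK_HEX_MAX_LEN = 100;` (the name is only a suggestion), with a comment saying where the bound comes from, would keep the limit in one place for the code and its tests. The commit also drops the `// HEX PSK string` comment, so the `else` branch no longer says it handles unquoted hex input; a line like `// Unquoted key: treated as a hex string` above `if (isWapi)` would restore that. This branch enforces only an upper bound, so any minimum-length or hex-digit check for WAPI keys has to come from code outside this hunk.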
@@ -578,11 +585,11 @@ public class WifiConfigurationUtil {
return false;
}
if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WPA_PSK)
- && !validatePassword(config.preSharedKey, isAdd, false)) {
+ && !validatePassword(config.preSharedKey, isAdd, false, false)) {
return false;
}
if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WAPI_PSK)
- && !validatePassword(config.preSharedKey, isAdd, false)) {
+ && !validatePassword(config.preSharedKey, isAdd, false, true)) {
return false;
}
if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.OWE)) {
@@ -598,7 +605,7 @@ public class WifiConfigurationUtil {
Log.e(TAG, "PMF must be enabled for SAE networks");
return false;
}
- if (!validatePassword(config.preSharedKey, isAdd, true)) {
+ if (!validatePassword(config.preSharedKey, isAdd, true, false)) {
return false;
}
}
@@ -743,7 +750,7 @@ public class WifiConfigurationUtil {
return false;
}
if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WPA_PSK)
- && !validatePassword(config.preSharedKey, true, false)) {
+ && !validatePassword(config.preSharedKey, true, false, false)) {
return false;
}
if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.OWE)) {
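Review bot: This validation path checks `WPA_PSK` and then goes straight to `OWE`, with no `WAPI_PSK` branch like the one in the hunk at -578/+585, so as far as these lines show the new length cap is not applied here. If the enclosing method (its signature is outside the hunk) can receive a WAPI_PSK configuration, it needs the same guard: `if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WAPI_PSK) && !validatePassword(config.preSharedKey, true, false, true)) { return false; }`. If WAPI configurations are rejected earlier on this path, a one-line comment saying so would make the omission visibly intentional.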
@@ -757,7 +764,7 @@ public class WifiConfigurationUtil {
if (!config.requirePmf) {
return false;
}
- if (!validatePassword(config.preSharedKey, true, true)) {
+ if (!validatePassword(config.preSharedKey, true, true, false)) {
return false;
}
}
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
index fb8ada1e0..d1000fe9f 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
@@ -407,7 +407,8 @@ public class WifiConfigurationUtilTest extends WifiBaseTest {
WifiConfiguration config = WifiConfigurationTestUtil.createWapiPskNetwork();
assertTrue(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD));
- config.preSharedKey = "abcd123456788990013453445345465465476546";
+ config.preSharedKey = "01234567890123456789012345678901234567890123456789012345678901234567"
+ + "890123456789012345678901234567890";
assertFalse(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD));
config.preSharedKey = "";
assertFalse(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD));
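Review bot: The only over-limit input is the 101-character key (68 + 33 digits), and no assertion shows that a key of exactly 100 characters is still accepted, so an off-by-one in the `> 100` comparison would pass this test. Adding a 100-character case with `assertTrue(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD));` would pin the boundary, assuming the rest of `validatePassword` accepts that input. The length of the split literal is not evident on reading, so a comment such as `// 101 hex digits: one more than the WAPI limit` above the assignment would help. The old 40-character key is now valid for WAPI and could be kept as a positive case.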