pohui_pohui/firmware
1
0
Fork 0
mirror of https://github.com/meshtastic/firmware.git synced 2025-06-16 10:02:05 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

fix leakage of wifi password reported by @vodkin

Browse Source
This commit is contained in:
Kevin Hester 2021-08-01 11:21:36 -07:00
parent d40b66beac
commit 5f323e8bd1
2 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/plugins/AdminPlugin.cpp
View File

@ -12,6 +12,24 @@
AdminPlugin *adminPlugin;
/// A special reserved string to indicate strings we can not share with external nodes. We will use this 'reserved' word instead.
/// Also, to make setting work correctly, if someone tries to set a string to this reserved value we assume they don't really want a change.
static const char *secretReserved = "sekrit";
/// If buf is !empty, change it to secret
static void hideSecret(char *buf) {
if(*buf) {
strcpy(buf, secretReserved);
}
}
/// If buf is the reserved secret word, replace the buffer with currentVal
static void writeSecret(char *buf, const char *currentVal) {
if(strcmp(buf, secretReserved) == 0) {
strcpy(buf, currentVal);
}
}
void AdminPlugin::handleGetChannel(const MeshPacket &req, uint32_t channelIndex)
{
if (req.decoded.want_response) {
@ -35,13 +53,15 @@ void AdminPlugin::handleGetRadio(const MeshPacket &req)
// using to the app (so that even old phone apps work with new device loads).
r.get_radio_response.preferences.ls_secs = getPref_ls_secs();
r.get_radio_response.preferences.phone_timeout_secs = getPref_phone_timeout_secs();
// hideSecret(r.get_radio_response.preferences.wifi_ssid); // hmm - leave public for now, because only minimally private and useful for users to know current provisioning)
hideSecret(r.get_radio_response.preferences.wifi_password);
r.which_variant = AdminMessage_get_radio_response_tag;
myReply = allocDataProtobuf(r);
}
}
bool AdminPlugin::handleReceivedProtobuf(const MeshPacket &mp, const AdminMessage *r)
bool AdminPlugin::handleReceivedProtobuf(const MeshPacket &mp, AdminMessage *r)
{
assert(r);
switch (r->which_variant) {
@ -139,8 +159,9 @@ void AdminPlugin::handleSetChannel(const Channel &cc)
}
}
void AdminPlugin::handleSetRadio(const RadioConfig &r)
void AdminPlugin::handleSetRadio(RadioConfig &r)
{
writeSecret(r.preferences.wifi_password, radioConfig.preferences.wifi_password);
radioConfig = r;
service.reloadConfig();

4
src/plugins/AdminPlugin.h
View File

@ -17,12 +17,12 @@ class AdminPlugin : public ProtobufPlugin<AdminMessage>
@return true if you've guaranteed you've handled this message and no other handlers should be considered for it
*/
virtual bool handleReceivedProtobuf(const MeshPacket &mp, const AdminMessage *p);
virtual bool handleReceivedProtobuf(const MeshPacket &mp, AdminMessage *p);
private:
void handleSetOwner(const User &o);
void handleSetChannel(const Channel &cc);
void handleSetRadio(const RadioConfig &r);
void handleSetRadio(RadioConfig &r);
void handleGetChannel(const MeshPacket &req, uint32_t channelIndex);
void handleGetRadio(const MeshPacket &req);