DivestOS/Patches/LineageOS-20.0/ASB-2023-10/wifi-01.patch

From 1a4b9ef510410a8d8c90e80352357f08c49f10c5 Mon Sep 17 00:00:00 2001
From: Oscar Shu <xshu@google.com>
Date: Fri, 7 Jul 2023 02:21:41 +0000
Subject: [PATCH] Update password check for WAPI

Do not allow arbitrarily large passwords.

Bug: 275339978

Test: compile
(cherry picked from commit 38707fb4ff1405663cc24affc95244f4cc830499)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:36deae20de1a8905e6cc72764e449b2d6e469f9e)
Merged-In: I15f3aff373af56c253a50c308d886a7acf661e59
Change-Id: I15f3aff373af56c253a50c308d886a7acf661e59
---
 .../server/wifi/WifiConfigurationUtil.java    | 22 +++++++++++++------
 .../wifi/WifiConfigurationUtilTest.java       |  3 ++-
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
index 9e8b660374..40837ff703 100644
--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java
+++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
@@ -467,7 +467,8 @@ private static boolean validateBssid(String bssid) {
         return true;
     }
 
-    private static boolean validatePassword(String password, boolean isAdd, boolean isSae) {
+    private static boolean validatePassword(String password, boolean isAdd, boolean isSae,
+            boolean isWapi) {
         if (isAdd) {
             if (password == null) {
                 Log.e(TAG, "validatePassword: null string");
@@ -509,7 +510,14 @@ private static boolean validatePassword(String password, boolean isAdd, boolean
             }
         } else {
             // HEX PSK string
-            if (password.length() != PSK_SAE_HEX_LEN) {
+            if (isWapi) {
+                // Protect system against malicious actors injecting arbitrarily large passwords.
+                if (password.length() > 100) {
+                    Log.e(TAG, "validatePassword failed: WAPI hex string too long: "
+                            + password.length());
+                    return false;
+                }
+            } else if (password.length() != PSK_SAE_HEX_LEN) {
                 Log.e(TAG, "validatePassword failed: hex string size mismatch: "
                         + password.length());
                 return false;
@@ -713,15 +721,15 @@ public static boolean validate(WifiConfiguration config, long supportedFeatureSe
             return false;
         }
         if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_PSK)
-                && !validatePassword(config.preSharedKey, isAdd, false)) {
+                && !validatePassword(config.preSharedKey, isAdd, false, false)) {
             return false;
         }
         if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_SAE)
-                && !validatePassword(config.preSharedKey, isAdd, true)) {
+                && !validatePassword(config.preSharedKey, isAdd, true, false)) {
             return false;
         }
         if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_WAPI_PSK)
-                && !validatePassword(config.preSharedKey, isAdd, false)) {
+                && !validatePassword(config.preSharedKey, isAdd, false, true)) {
             return false;
         }
         if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_DPP)
@@ -880,11 +888,11 @@ public static boolean validateNetworkSpecifier(WifiNetworkSpecifier specifier) {
             return false;
         }
         if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_PSK)
-                && !validatePassword(config.preSharedKey, true, false)) {
+                && !validatePassword(config.preSharedKey, true, false, false)) {
             return false;
         }
         if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_SAE)
-                && !validatePassword(config.preSharedKey, true, true)) {
+                && !validatePassword(config.preSharedKey, true, true, false)) {
             return false;
         }
         // TBD: Validate some enterprise params as well in the future here.
diff --git a/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java b/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
index 7cabcd873a..b505c0c0d3 100644
--- a/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
+++ b/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
@@ -466,7 +466,8 @@ public void testValidateNegativeCases_BadHexPskLengthWapi() {
         assertTrue(WifiConfigurationUtil.validate(config, SUPPORTED_FEATURES_ALL,
                 WifiConfigurationUtil.VALIDATE_FOR_ADD));
 
-        config.preSharedKey = "abcd123456788990013453445345465465476546";
+        config.preSharedKey = "01234567890123456789012345678901234567890123456789012345678901234567"
+                + "890123456789012345678901234567890";
         assertFalse(WifiConfigurationUtil.validate(config, SUPPORTED_FEATURES_ALL,
                 WifiConfigurationUtil.VALIDATE_FOR_ADD));
         config.preSharedKey = "";
20.0: October ASB picks wget https://github.com/GrapheneOS/platform_packages_services_Telecomm/commit/c873988898e1b520e0e4cfda77e26ec4377a4ce9.patch -O telecomm-01.patch wget https://github.com/GrapheneOS/platform_packages_providers_MediaProvider/commit/0fb5786dbf8b462eb106df912a7f65ab240f0d6a.patch -O mediaprovider-01.patch wget https://github.com/GrapheneOS/platform_packages_modules_Wifi/commit/1a4b9ef510410a8d8c90e80352357f08c49f10c5.patch -O wifi-01.patch wget https://github.com/GrapheneOS/platform_packages_modules_Bluetooth/commit/364a1d99624e8dca6501d98166efbb8061362970.patch -O bluetooth-01.patch wget https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/87a06448b96e1ccd2403ae5c90b15efdd8585444.patch -O settings-01.patch wget https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/aaba724a6858fba3754c11bfafd92b22f090c570.patch -O settings-02.patch wget https://github.com/GrapheneOS/platform_frameworks_native/commit/507304e1f59236675bfd820290b329f5f7334ec0.patch -O native-01.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/89489ff5dd9b7717f0421ca4e90bc060af1ba8b7.patch -O base-01.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/d1765c47157a99ecdc44537b5cadbb9726892967.patch -O base-02.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/cbb1a0ecd6b67735bdb735d76606bc03f6b955bf.patch -O base-03.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/4725772c0b3f0db2940e70851e145ec4ec71768b.patch -O base-04.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/19747f69235d208e3d61099c76fa47aa792fe3a7.patch -O base-05.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/e7a1aa9ed0bc69853bc83d098e15b8fa3b1881b4.patch -O base-06.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/922a7860b1baf29ff5cb53a31d01c341cd2b9ecb.patch -O base-07.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/ed183ed9122416026ed27d4877f96a545fe42316.patch -O base-08.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/c6fbe1330a77c479ea3e29b54523682d0f248420.patch -O base-09.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/9141cac175caaf176377d088e334d0991482fd6a.patch -O base-10.patch wget https://github.com/GrapheneOS/platform_frameworks_av/commit/41235bcc67a2122bc1d6a4d19e8356b3d1ada91e.patch -O av-01.patch wget https://github.com/GrapheneOS/platform_frameworks_av/commit/a89f704701e6af4a4809f4bb4911af88a023226f.patch -O av-02.patch wget https://github.com/GrapheneOS/platform_frameworks_av/commit/6d7cd80d77ed35efbe168f627dda021a5d8dd766.patch -O av-03.patch wget https://github.com/GrapheneOS/platform_frameworks_av/commit/75fc175a08c1a8e86d4649c19fd3136121518b96.patch -O av-04.patch wget https://github.com/GrapheneOS/platform_frameworks_av/commit/b023ec300f437494d6d6b23b03607e308dae43d2.patch -O av-05.patch wget https://github.com/GrapheneOS/platform_frameworks_av/commit/c8117d1539078bb3339b5d5fffe063a9135c2c21.patch -O av-06.patch wget https://github.com/GrapheneOS/platform_frameworks_av/commit/f06d23d824f60e98299d03f21c0715477666936d.patch -O av-07.patch wget https://github.com/GrapheneOS/platform_frameworks_av/commit/9c7408ab0710a9e36fd2a258098afde863cb6544.patch -O av-08.patch wget https://github.com/GrapheneOS/platform_packages_apps_Launcher3/commit/cfbfcefb3ce6bcd4d099cba4f45a8c6a0c02e6e6.patch -O launcher-01.patch wget https://github.com/GrapheneOS/platform_external_libxml2/commit/4a27a7f162907facfbeddf2d4ae4c6ab7c6eb15a.patch -O libxml-01.patch Signed-off-by: Tad <tad@spotco.us> 2023-10-03 14:30:46 -04:00			`From 1a4b9ef510410a8d8c90e80352357f08c49f10c5 Mon Sep 17 00:00:00 2001`
			`From: Oscar Shu <xshu@google.com>`
			`Date: Fri, 7 Jul 2023 02:21:41 +0000`
			`Subject: [PATCH] Update password check for WAPI`

			`Do not allow arbitrarily large passwords.`

			`Bug: 275339978`

			`Test: compile`
			`(cherry picked from commit 38707fb4ff1405663cc24affc95244f4cc830499)`
			`(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:36deae20de1a8905e6cc72764e449b2d6e469f9e)`
			`Merged-In: I15f3aff373af56c253a50c308d886a7acf661e59`
			`Change-Id: I15f3aff373af56c253a50c308d886a7acf661e59`
			`---`
			`.../server/wifi/WifiConfigurationUtil.java \| 22 +++++++++++++------`
			`.../wifi/WifiConfigurationUtilTest.java \| 3 ++-`
			`2 files changed, 17 insertions(+), 8 deletions(-)`

			`diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java`
			`index 9e8b660374..40837ff703 100644`
			`--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java`
			`+++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java`
			`@@ -467,7 +467,8 @@ private static boolean validateBssid(String bssid) {`
			`return true;`
			`}`

			`- private static boolean validatePassword(String password, boolean isAdd, boolean isSae) {`
			`+ private static boolean validatePassword(String password, boolean isAdd, boolean isSae,`
			`+ boolean isWapi) {`
			`if (isAdd) {`
			`if (password == null) {`
			`Log.e(TAG, "validatePassword: null string");`
			`@@ -509,7 +510,14 @@ private static boolean validatePassword(String password, boolean isAdd, boolean`
			`}`
			`} else {`
			`// HEX PSK string`
			`- if (password.length() != PSK_SAE_HEX_LEN) {`
			`+ if (isWapi) {`
			`+ // Protect system against malicious actors injecting arbitrarily large passwords.`
			`+ if (password.length() > 100) {`
			`+ Log.e(TAG, "validatePassword failed: WAPI hex string too long: "`
			`+ + password.length());`
			`+ return false;`
			`+ }`
			`+ } else if (password.length() != PSK_SAE_HEX_LEN) {`
			`Log.e(TAG, "validatePassword failed: hex string size mismatch: "`
			`+ password.length());`
			`return false;`
			`@@ -713,15 +721,15 @@ public static boolean validate(WifiConfiguration config, long supportedFeatureSe`
			`return false;`
			`}`
			`if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_PSK)`
			`- && !validatePassword(config.preSharedKey, isAdd, false)) {`
			`+ && !validatePassword(config.preSharedKey, isAdd, false, false)) {`
			`return false;`
			`}`
			`if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_SAE)`
			`- && !validatePassword(config.preSharedKey, isAdd, true)) {`
			`+ && !validatePassword(config.preSharedKey, isAdd, true, false)) {`
			`return false;`
			`}`
			`if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_WAPI_PSK)`
			`- && !validatePassword(config.preSharedKey, isAdd, false)) {`
			`+ && !validatePassword(config.preSharedKey, isAdd, false, true)) {`
			`return false;`
			`}`
			`if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_DPP)`
			`@@ -880,11 +888,11 @@ public static boolean validateNetworkSpecifier(WifiNetworkSpecifier specifier) {`
			`return false;`
			`}`
			`if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_PSK)`
			`- && !validatePassword(config.preSharedKey, true, false)) {`
			`+ && !validatePassword(config.preSharedKey, true, false, false)) {`
			`return false;`
			`}`
			`if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_SAE)`
			`- && !validatePassword(config.preSharedKey, true, true)) {`
			`+ && !validatePassword(config.preSharedKey, true, true, false)) {`
			`return false;`
			`}`
			`// TBD: Validate some enterprise params as well in the future here.`
			`diff --git a/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java b/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java`
			`index 7cabcd873a..b505c0c0d3 100644`
			`--- a/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java`
			`+++ b/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java`
			`@@ -466,7 +466,8 @@ public void testValidateNegativeCases_BadHexPskLengthWapi() {`
			`assertTrue(WifiConfigurationUtil.validate(config, SUPPORTED_FEATURES_ALL,`
			`WifiConfigurationUtil.VALIDATE_FOR_ADD));`

			`- config.preSharedKey = "abcd123456788990013453445345465465476546";`
			`+ config.preSharedKey = "01234567890123456789012345678901234567890123456789012345678901234567"`
			`+ + "890123456789012345678901234567890";`
			`assertFalse(WifiConfigurationUtil.validate(config, SUPPORTED_FEATURES_ALL,`
			`WifiConfigurationUtil.VALIDATE_FOR_ADD));`
			`config.preSharedKey = "";`