[Sugar-devel] [PATCH sugar] Don't treat SSID as UTF-8 character sequence (fixes SL#2023)

Sascha Silbe silbe at activitycentral.com
Wed Apr 11 17:40:55 EDT 2012


Excerpts from Martin Langhoff's message of 2012-04-10 21:43:20 +0200:

> There is only one thing that still worries me. According to the spec,
> the ESSID may also contain nulls in the middle of the array. I don't
> know how NM handles such cases in its communication with nm-client via
> D-Bus. I don't know even how to set up an AP to broadcast an ESSID with
> a null embedded.

Yes, that's the one case I wanted to test but couldn't (quickly) get
HostAP to do it. It would be good to check this on an XO to be sure
it's not exploitable (DoS). Sugar (with my patch), Python and D-Bus
should handle it correctly (see preview PNG data in data store
metadata for a similar situation) and I'm more worried about drivers
than about NM. That's also why I didn't put more energy into it (with
my SL hat on - testing the 0.94 backport is still ongoing): we can't
test the large number of different wireless drivers, even if we do
manage to create a suitable test environment. I also doubt that
anybody _not_ interested in breaking things (for fun or for profit)
would set up an AP with an embedded-NUL SSID, and there's got to be a
whole bunch of easier ways to hack an F14 system (which is the most
recent distro most XOs in deployments are going to be running) than
using a 32-byte octet sequence that may contain embedded NULs. It
would be a rather interesting challenge, though. :)

Sascha

-- 
http://sascha.silbe.org/
http://www.infra-silbe.de/
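
Added example, not part of the original message or of the Sugar patch: a Python sketch of handling an SSID as an octet sequence, as the thread discusses, so that embedded NULs and non-UTF-8 bytes survive intact. The function names and the sample SSIDs are constructed for illustration; plain integer lists stand in for the byte array a D-Bus client would receive.

```python
MAX_SSID_LEN = 32  # an SSID is 0-32 arbitrary octets, not text


def ssid_from_byte_array(byte_array):
    """Turn an iterable of ints (0-255) into immutable bytes, NULs included."""
    ssid = bytes(bytearray(int(b) for b in byte_array))
    if len(ssid) > MAX_SSID_LEN:
        raise ValueError("SSID longer than %d octets" % MAX_SSID_LEN)
    return ssid


def display_name(ssid):
    """Label for the UI only; the raw bytes remain the network's identity."""
    try:
        text = ssid.decode("utf-8")
    except UnicodeDecodeError:
        text = None
    if text is not None and text.isprintable():
        return text
    # Escape everything outside printable ASCII, and the backslash itself,
    # so the escaped form cannot be confused with a literal SSID.
    return "".join(
        chr(b) if 0x20 <= b < 0x7F and b != 0x5C else "\\x%02x" % b
        for b in ssid
    )


def c_string_view(ssid):
    """What a consumer that treats the SSID as a NUL-terminated string sees."""
    return ssid.split(b"\x00", 1)[0]


def colliding_as_c_strings(ssids):
    """Group distinct SSIDs that become identical once truncated at a NUL."""
    groups = {}
    for s in set(ssids):
        groups.setdefault(c_string_view(s), set()).add(s)
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    # Constructed sample SSIDs: plain ASCII, embedded NUL, invalid UTF-8.
    seen = [b"cafe", b"cafe\x00guest", b"\xff\xfeXO", "caf\u00e9".encode("utf-8")]
    for s in seen:
        print(repr(s), "->", display_name(s))
    print(colliding_as_c_strings(seen))
```

Comparing and storing networks by the raw bytes, and using the escaped label only for display, keeps the two "cafe" networks above distinct.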