Skip to content

Commit

Permalink
wifi sanitizing ssid names
Browse files Browse the repository at this point in the history
  • Loading branch information
sebhildebrandt committed Sep 19, 2023
1 parent d93a0ce commit 7972565
Show file tree
Hide file tree
Showing 4 changed files with 35 additions and 4 deletions.
5 changes: 5 additions & 0 deletions docs/history.html
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,11 @@ <h3>Full version history</h3>
</tr>
</thead>
<tbody>
<tr>
<th scope="row">5.21.7</th>
<td>2023-09-19</td>
<td><span class="code">wifiConnections()</span> <span class="code">wifiNetworks()</span>fixed security issue (linux)</td>
</tr>
<tr>
<th scope="row">5.21.6</th>
<td>2023-09-18</td>
Expand Down
4 changes: 2 additions & 2 deletions docs/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -166,11 +166,11 @@
<body>
<header class="bg-image-full">
<div class="top-container">
<a href="security.html" class="recommendation">Security advisory:<br>Update to v5.6.13</a>
<a href="security.html" class="recommendation">Security advisory:<br>Update to v5.21.7</a>
<img class="logo" src="assets/logo.png" alt="logo">
<div class="title">systeminformation</div>
<div class="subtitle"><span id="typed"></span>&nbsp;</div>
<div class="version">New Version: <span id="version">5.21.6</span></div>
<div class="version">New Version: <span id="version">5.21.7</span></div>
<button class="btn btn-light" onclick="location.href='https://github.com/sebhildebrandt/systeminformation'">View on Github <i class=" fab fa-github"></i></button>
</div>
<div class="down">
Expand Down
20 changes: 19 additions & 1 deletion docs/security.html
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,24 @@ <h2>Passing User Paramters to Systeminformation</h2>
<p class="warning">This can lead to serious impact on your servers!</p>
<p>We highly recommend to always upgrade to the latest version of our package. We maintain security updates for version 5 AND also version 4. For version 4 you can install latest version by placing <span class="code">"systeminformation": "^4"</span> in your package.json (dependencies) and run <span class="code">npm install</span></p>

<h2>SSID Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 5.21.07 and &lt; 4.34.22<br>
<span class="bold">Date:</span> 2023-09-19<br>
<span class="bold">CVE indentifier</span> -
</p>

<h4>Impact</h4>
<p>We had an issue that there was a possibility to perform a potential command injection possibility by crafting detected SSIDs in <span class="code">wifiConnections()</span>, <span class="code">wifiNetworks()</span>.</p>

<h4>Patch</h4>
<p>Problem was fixed with parameter checking. Please upgrade to version >= 5.7.21 (or >= 4.34.22 if you are using version 4).</p>

<h4>Workaround</h4>
<p>If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to <span class="code">wifiConnections()</span>, <span class="code">wifiNetworks()</span> (string only)</p>
<hr>
<br>

<h2>Command Injection Vulnerability</h2>
<p><span class="bold">Affected versions:</span>
&lt; 5.6.13 and &lt; 4.34.21<br>
Expand Down Expand Up @@ -255,4 +273,4 @@ <h4>Workaround</h4>
</script>
</body>

</html>
</html>
10 changes: 9 additions & 1 deletion lib/wifi.js
Original file line number Diff line number Diff line change
Expand Up @@ -549,7 +549,15 @@ function wifiConnections(callback) {
const wpaDetails = wpaConnectionLinux(ifaceSanitized);
const ssid = nmiDetails.ssid || wpaDetails.ssid;
const network = networkList.filter(nw => nw.ssid === ssid);
const nmiConnection = nmiConnectionLinux(ssid);
let ssidSanitized = '';
const t = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(ssid, true);
for (let i = 0; i <= util.mathMin(t.length, 2000); i++) {
if (t[i] !== undefined) {
ssidSanitized = ssidSanitized + t[i];
}
}

const nmiConnection = nmiConnectionLinux(ssidSanitized);
const channel = network && network.length && network[0].channel ? network[0].channel : (wpaDetails.channel ? wpaDetails.channel : null);
const bssid = network && network.length && network[0].bssid ? network[0].bssid : (wpaDetails.bssid ? wpaDetails.bssid : null);
if (ssid && bssid) {
Expand Down

2 comments on commit 7972565

@4S1ght
Copy link

@4S1ght 4S1ght commented on 7972565 Sep 23, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sebhildebrandt I've been looking into the SSID related vulnerability and I would just like to mention a tiny optimisation detail.
The loop in question -

for (let i = 0; i <= util.mathMin(t.length, 2000); i++)

- will rerun util.mathMin on each loop iteration, so in cases as such it is best assigning the function's result to a variable once instead of rerunning it everywhere.

Just a slight optimisation advice, won't make much difference, but who knows.
Not a huge change worth a fork & pull, so just leaving the message here.

@sebhildebrandt
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@4S1ght you are right! I normally try to avoid this but it seems have not seen ... actually I found 14 places, where I have not seen this ;-)

Please sign in to comment.