fix leakage of wifi password reported by @Vodkin

geeksville · Aug 1, 2021 · 5f323e8 · 5f323e8
1 parent d40b66b
commit 5f323e8
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 4 deletions.
diff --git a/src/plugins/AdminPlugin.cpp b/src/plugins/AdminPlugin.cpp
@@ -12,6 +12,24 @@
 
 AdminPlugin *adminPlugin;
 
+/// A special reserved string to indicate strings we can not share with external nodes.  We will use this 'reserved' word instead.
+/// Also, to make setting work correctly, if someone tries to set a string to this reserved value we assume they don't really want a change.
+static const char *secretReserved = "sekrit";
+
+/// If buf is !empty, change it to secret
+static void hideSecret(char *buf) {
+    if(*buf) {
+        strcpy(buf, secretReserved);
+    }
+}
+
+/// If buf is the reserved secret word, replace the buffer with currentVal
+static void writeSecret(char *buf, const char *currentVal) {
+    if(strcmp(buf, secretReserved) == 0) {
+        strcpy(buf, currentVal);
+    }
+}
+
 void AdminPlugin::handleGetChannel(const MeshPacket &req, uint32_t channelIndex)
 {
     if (req.decoded.want_response) {
@@ -35,13 +53,15 @@ void AdminPlugin::handleGetRadio(const MeshPacket &req)
         // using to the app (so that even old phone apps work with new device loads).
         r.get_radio_response.preferences.ls_secs = getPref_ls_secs();
         r.get_radio_response.preferences.phone_timeout_secs = getPref_phone_timeout_secs();
+        // hideSecret(r.get_radio_response.preferences.wifi_ssid); // hmm - leave public for now, because only minimally private and useful for users to know current provisioning)
+        hideSecret(r.get_radio_response.preferences.wifi_password);
 
         r.which_variant = AdminMessage_get_radio_response_tag;
         myReply = allocDataProtobuf(r);
     }
 }
 
-bool AdminPlugin::handleReceivedProtobuf(const MeshPacket &mp, const AdminMessage *r)
+bool AdminPlugin::handleReceivedProtobuf(const MeshPacket &mp, AdminMessage *r)
 {
     assert(r);
     switch (r->which_variant) {
@@ -139,8 +159,9 @@ void AdminPlugin::handleSetChannel(const Channel &cc)
     }
 }
 
-void AdminPlugin::handleSetRadio(const RadioConfig &r)
+void AdminPlugin::handleSetRadio(RadioConfig &r)
 {
+    writeSecret(r.preferences.wifi_password, radioConfig.preferences.wifi_password);
     radioConfig = r;
 
     service.reloadConfig();

diff --git a/src/plugins/AdminPlugin.h b/src/plugins/AdminPlugin.h
@@ -17,12 +17,12 @@ class AdminPlugin : public ProtobufPlugin<AdminMessage>
 
     @return true if you've guaranteed you've handled this message and no other handlers should be considered for it
     */
-    virtual bool handleReceivedProtobuf(const MeshPacket &mp, const AdminMessage *p);
+    virtual bool handleReceivedProtobuf(const MeshPacket &mp, AdminMessage *p);
 
   private:
     void handleSetOwner(const User &o);
     void handleSetChannel(const Channel &cc);
-    void handleSetRadio(const RadioConfig &r);
+    void handleSetRadio(RadioConfig &r);
 
     void handleGetChannel(const MeshPacket &req, uint32_t channelIndex);
     void handleGetRadio(const MeshPacket &req);