After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 782836 - create connection 802-1x.password-raw results in core dump
create connection 802-1x.password-raw results in core dump
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: nmcli
1.6.x
Other Linux
: Normal normal
: ---
Assigned To: Beniamino Galvani
NetworkManager maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2017-05-19 14:01 UTC by olivpass
Modified: 2017-05-23 14:55 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
[PATCH] clients: fix setter for 802-1x.password-raw (2.63 KB, patch)
2017-05-19 20:45 UTC, Beniamino Galvani 		none Details | Review

Description olivpass 2017-05-19 14:01:00 UTC 
my using of nmcli for creating a wlan connection:

# nmcli con edit type wifi

===| nmcli interactive connection editor |===

Adding a new '802-11-wireless' connection

Type 'help' or '?' for available commands.
Type 'describe [<setting>.<prop>]' for detailed property description.

You may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wifi-sec), 802-1x, ipv4, ipv6
nmcli> set connection.id myconnection

nmcli> set 802-11-wireless.ssid myssid
nmcli> set 802-1x.ca-cert path_to_my_cer/my.cer
nmcli> set 802-1x.eap peap
nmcli> set 802-1x.identity host/host.domain.lan
nmcli> set 802-1x.password-raw  E6 A0 9A EF B3 89 E7 AB 99 E6 AA 88 E2 BB 9F E3 BB 98 EE B5 93 E6 AA 82 E6 9F BD EE 8E 93 EE 88 88 EA B2 8B EF 87 B8 EE B5 85 E6 A6 A6 EA 88 80 EE 86 89 EB 96 A2 E6 92 A6 E6 BE 85 EF 9E AC E6 A4 A0 EE 91 A5 E6 BF 8D EB 99 B3 EA 93 AE EE 8E 82 EE 91 A0 EA A4 9D E3 B8 98 EF B6 91 EB 97 B6 E2 A9 A7 E2 8E B7 E7 AD 97 EB 8A 8A EF 8F A4 EA 98 94 EA 9A AD E3 AE 91 E3 A5 95 EE B1 A7 EA 9F 9E EF A4 B8 EF 8C 96 EF 93 81 E3 A9 B9 E7 96 B2 E7 9C 80 EF B6 8E E3 B1 BE EA B0 97 EF 9C 83 E7 AF B8 EA B6 85 E7 95 95 E2 B9 AA E3 8F AA E3 A8 AE EB A7 93 E7 B1 A7 EE BD 80 EF 8F AC EB 84 BF EA A8 A6 E3 8A B0 EA B3 84 E7 BF 9F E6 A4 9C E7 96 9A E6 96 A0 EB 8D AA E7 85 88 EA 97 B8 EB 97 9E E7 86 B4 EF 83 94 EA 98 BA EB 97 A9 EA 90 B2 E7 93 92 EA 88 8E EE AC 83 E3 98 B1 EE 8D A1 EA AD BC E7 97 9A E2 B5 B2 EB A7 82 EA 9F 9A EF 90 AD E6 89 87 EE 9F BF EA 9C AA EF A5 B3 EE AE A0 E7 A0 8C EF 8E 9F E7 B1 9F EB B6 9B E6 9A B2 E7 A2 9A EE 9A B7 E7 A8 97 EA 9A 83 E6 A8 94 EB AA 95 EE 8D B9 EB A9 BB E3 93 93 E7 AD 91 E3 80 8D EF B7 90 EA 98 B2 EB 94 8A E7 B4 B2 EF 8A A1 E3 A6 B7 EF AA A6 EE A7 84 EF A7 B4 EF 9C 97 E7 AF 8E EE 9D B9 E7 B5 8E E2 8F AC EB 8F B3 EE B5 A3 EB B0 B9 E7 B6 95 EA 87 91 EB A0 9F EF B8 AF EB B7 96 E7 98 8E E3 91 A3 EF A5 B9 EA 8E 9E C8 B6 E3 A4 98 EB BA B4 EE A2 88 EE B9 8C E3 91 81 E7 9C BC EE A7 B8 EA BA B4 E7 98 87 E7 BD 91 EE 99 97 D6 8B E2 8A B1 EE 8A A1 EE 82 85 EF 80 80 E6 B2 A2 EA BA BF EF 86 9E EE A2 84 E2 96 8D E6 99 A3 E6 96 B8 E3 BC 97 EB 9F AB E3 AC AE E7 97 8C E6 B9 A2 E3 8F 83 EB 8B AD E6 A4 BB E2 AE 8D E3 B3 82 E2 BA BD E7 91 87 E7 9B AE E2 A5 9E EE 9D 8C E6 BD A1 EE 85 B2 E7 BF 94 E3 86 AA E3 9E A8 E7 9C 99 E7 B3 99 E3 85 84 E7 8D BE E2 83 AC E2 B2 9C CC B6 EB 97 A1 DF 85 EF B2 A9 EB 8B 8D E6 9B B7 E2 AB B6 E6 8B B3 EF 99 85 EB B2 A9 EF 91 BA E6 BC AE EB AD BA EE 8E B2 E3 BD 97 EA AA 9D E3 89 B5 E3 A4 BE E7 A7 BE E6 B5 BC E3 B0 8F E6 BF 99 EF 8D B9 EA AA 94 EB AB AE EA A6 98 E3 8D A3 EB B5 9E E6 BB 93 E7 B6 B0 EE 9A 97 EB B6 BF E3 85 87
nmcli> set 802-1x.phase2-auth mschapv2

nmcli> set wifi-sec.key-mgmt wpa-eap

nmcli> set ipv4.method auto
nmcli> set ipv6.method auto

nmcli> save


sometimes i get a core dump. If it is working i get in /etc/NetworkManager/system-connections/myconnection something like this:

password-raw=115;101;99;111;110;100;97;114;105;101;115;0;

i am sure this is not my raw password!

thanks
Comment 1 Beniamino Galvani 2017-05-19 20:45:53 UTC 
Created attachment 352188 [details] [review]
[PATCH] clients: fix setter for 802-1x.password-raw

Patch for master.
Comment 2 Thomas Haller 2017-05-22 09:19:16 UTC 
patch lgtm.





I think you also need

+		guint8 v8;
+
 		if (!nmc_string_to_int_base (g_strstrip (*iter), 16, TRUE, 0, 255, &val_int)) {
 			g_set_error (error, 1, 0, _("'%s' is not a valid hex character"), *iter);
 			g_byte_array_free (array, TRUE);
 			success = FALSE;
 			goto done;
 		}
-		g_byte_array_append (array, (const guint8 *) &val_int, 1);
+		v8 = val_int;
+		g_byte_array_append (array, &v8, 1);


I put that patch on th/clients-meta-cleanup-bgo782943
Comment 3 olivpass 2017-05-22 13:43:59 UTC 
thank you for the patch. My next testing of this, shows that NetworkManager only read about 255 bytes of the raw data! So i still can not connect with my given password.

I generate my password with samba version 4.4.2 command "net ads changetrustpw". Bevore version 4.4.2, they generate a ascii password. Now it is changed to binary, longer than 255 bytes. They say, "it is like windows does".
Comment 4 Beniamino Galvani 2017-05-22 16:12:21 UTC 
(In reply to olivpass from comment #3)
> thank you for the patch. My next testing of this, shows that NetworkManager
> only read about 255 bytes of the raw data!

How did you see that only 255 bytes are used? It seems to me that there is no such limit and NM sends the full password to wpa_supplicant.
Comment 5 Thomas Haller 2017-05-23 11:36:59 UTC 
patch merged to master:

https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=22e39edd2afc67e68d71d7ed80c36dbbb49af7bb


Still needs backporting, and the 255 bytes question...
Comment 6 olivpass 2017-05-23 11:58:02 UTC 
you are right! It was my mistake. For debugging i did following change:

diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
index 3f607420c..d2dd5649a 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -156,7 +156,7 @@ nm_supplicant_config_add_option_with_type (NMSupplicantConfig *self,
                char buf[255];
                memset (&buf[0], 0, sizeof (buf));
                memcpy (&buf[0], opt->value, opt->len > 254 ? 254 : opt->len);
-               nm_log_info (LOGD_SUPPLICANT, "Config: added '%s' value '%s'", key, hidden ? hidden : &buf[0]);
+               nm_log_info (LOGD_SUPPLICANT, "Config: added '%s' value '%s'", key, &buf[0]);
        }

        g_hash_table_insert (priv->config, g_strdup (key), opt);


There is the 254 max size, but only for output on LOGD.

I have back ported to 1.0.12 and tested the patch. It is working!

Thank you, great work!
Comment 7 Beniamino Galvani 2017-05-23 14:55:29 UTC 
Merged:

https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=22e39edd2afc67e68d71d7ed80c36dbbb49af7bb

and backported to stable branches.