git: f15df0adbcd2 - stable/14 - bsdconfig: Make sure that SSID names are properly escaped

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mark Johnston <markj_at_FreeBSD.org>
Date: Wed, 20 May 2026 19:38:03 UTC
The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=f15df0adbcd299456fe4055707822de8e9b3a66b

commit f15df0adbcd299456fe4055707822de8e9b3a66b
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2026-05-12 14:16:46 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2026-05-20 19:37:15 +0000

    bsdconfig: Make sure that SSID names are properly escaped
    
    The f_menu_wpa_scan_results() function returns a list of networks
    discovered by a scan.  The untrusted network names are evaluated in
    f_dialog_menu_wireless_edit.  The quoting applied in
    f_menu_wpa_scan_results() protects against evaluation of something like
    "$(whoami)" but one can add single quotes to defeat that.
    
    Pass the SSID names through f_shell_escape to work around this.  Escape
    single quotes in f_dialog_wireless_edit() and f_menu_wireless_configs()
    too for consistency.
    
    I note that this module doesn't seem to actually work, see e.g.,
    bugzilla PR 229883.
    
    Approved by:    so
    Security:       FreeBSD-SA-26:23.bsdinstall
    Security:       CVE-2026-45255
    Reported by:    Austin Ralls
    Reviewed by:    dteske, des
    Differential Revision:  https://reviews.freebsd.org/D56974
---
 usr.sbin/bsdconfig/share/media/wlan.subr | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/usr.sbin/bsdconfig/share/media/wlan.subr b/usr.sbin/bsdconfig/share/media/wlan.subr
index 5847356d1925..5d271c403b3c 100644
--- a/usr.sbin/bsdconfig/share/media/wlan.subr
+++ b/usr.sbin/bsdconfig/share/media/wlan.subr
@@ -813,6 +813,7 @@ f_dialog_wireless_edit()
 		[ $nmatches -le ${#DIALOG_MENU_TAGS} ] || break
 		f_substr -v tag "$DIALOG_MENU_TAGS" $nmatches 1
 
+		f_shell_escape "$wssid" wssid
 		f_wireless_describe WIRELESS_$n help
 		menu_list1="$menu_list1
 			'$tag $wssid' '$wbssid' '$help'
@@ -1076,6 +1077,7 @@ f_menu_wireless_configs()
 	while [ $n -lt $nunique ]; do
 		n=$(( $n + 1 ))
 		menuitem_$n get ssid ssid
+		f_shell_escape "$ssid" ssid
 
 		menuitem_$n get nconfigs nconfigs
 		desc="$nconfigs $msg_configured_lc"
@@ -1184,6 +1186,7 @@ f_menu_wpa_scan_results()
 	while [ $n -lt $nunique ]; do
 		n=$(( $n + 1 ))
 		menuitem_$n get ssid ssid
+		f_shell_escape "$ssid" ssid
 
 		desc=
 		if [ "$DIALOG_MENU_WLAN_SHOW_ALL" ]; then