[Bug 1952549] Re: SSID and password not properly quoted/escaped when writing YAML

Maarten van der Schrieck 1952549 at bugs.launchpad.net
Sun Nov 28 15:13:06 UTC 2021 

This is a plain patch of changes performed on a git clone of
https://git.launchpad.net/ubuntu/+source/netcfg

The fix is simple: use Single-Quoted style when outputting SSID or
password, which means start and end with a single quote, and replace any
instance of ' with ''.

The code compiles, and should work, but is not tested. I have yet to
figure out how to run netcfg without generating a modified bootable
image and performing an install.

** Patch added: "0001-When-writing-wireless-config-quote-SSID-and-password.patch"
   https://bugs.launchpad.net/ubuntu/+source/netcfg/+bug/1952549/+attachment/5543931/+files/0001-When-writing-wireless-config-quote-SSID-and-password.patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to netcfg in Ubuntu.
https://bugs.launchpad.net/bugs/1952549

Title:
  SSID and password not properly quoted/escaped when writing YAML

Status in netcfg package in Ubuntu:
  New

Bug description:
  When writing the wireless YAML config file, the SSID and password are
  written as YAML unquoted string literal. This leads to invalid YAML
  when the SSID contains ": ", when the SSID or password starts with ',
  ", @, &, and possibly other characters/sequences. Also, SSIDs and
  passwords that themselves are quoted strings, will effectively be
  stored without quotes (the quotes contained in them will be part of
  YAML syntax and not of the SSID/password).

  Examples of SSIDs/passwords failing, one per line:

  @Home
  old network: don't use
  '60s museum
  "to be or not to be"
  @VerySecretP at ssword

  In some languages it is not uncommon to start words/sentences with an
  apostrophe, leading to the same issue as with the '60s museum example.

  The observed behavior is: When using the installer, WiFi is setup
  correctly, but the config file as written is invalid, so after first
  boot, WiFi is not connecting and an obscure YAML syntax error is
  logged somewhere.

  The expected behavior is: When using the installer, WiFi is setup
  correctly and the password is written in YAML file with quotes.
  Single-Quoted style looks best, where only single quote needs to be
  escaped by duplicating the character, so the examples of failing items
  would be encoded as such:

  '@Home'
  'old network: don''t use'
  '''60s museum'
  '"to be or not to be"'
  '@VerySecretP at ssword'

  Single-Quoted style supports printable characters, which sounds like a
  good fit for user-input SSIDs and passwords. Although quoting is often
  not needed, it seems wise to always quote freeform user input - who
  knows what future YAML standards/parsers may do.

  Reference: https://yaml.org/spec/1.2.2/#732-single-quoted-style

  This bug affects Ubuntu netcfg (not Debian) and is present from at
  least version 18, aka Bionic, up to what I believe is the current
  development branch I cloned from a git repository.

  I have a simple patch available and will be investigating how to
  format and submit it. As I understood, the first step is reporting a
  bug, so here goes!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/netcfg/+bug/1952549/+subscriptions

More information about the foundations-bugs mailing list