SSID and password not properly quoted/escaped when writing YAML
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
netcfg (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
When writing the wireless YAML config file, the SSID and password are written as YAML unquoted string literal. This leads to invalid YAML when the SSID contains ": ", when the SSID or password starts with ', ", @, &, and possibly other characters/
Examples of SSIDs/passwords failing, one per line:
@Home
old network: don't use
'60s museum
"to be or not to be"
@VerySecretP@ssword
In some languages it is not uncommon to start words/sentences with an apostrophe, leading to the same issue as with the '60s museum example.
The observed behavior is: When using the installer, WiFi is setup correctly, but the config file as written is invalid, so after first boot, WiFi is not connecting and an obscure YAML syntax error is logged somewhere.
The expected behavior is: When using the installer, WiFi is setup correctly and the password is written in YAML file with quotes. Single-Quoted style looks best, where only single quote needs to be escaped by duplicating the character, so the examples of failing items would be encoded as such:
'@Home'
'old network: don''t use'
'''60s museum'
'"to be or not to be"'
'@VerySecretP@
Single-Quoted style supports printable characters, which sounds like a good fit for user-input SSIDs and passwords. Although quoting is often not needed, it seems wise to always quote freeform user input - who knows what future YAML standards/parsers may do.
Reference: https:/
This bug affects Ubuntu netcfg (not Debian) and is present from at least version 18, aka Bionic, up to what I believe is the current development branch I cloned from a git repository.
I have a simple patch available and will be investigating how to format and submit it. As I understood, the first step is reporting a bug, so here goes!
This is a plain patch of changes performed on a git clone of https:/ /git.launchpad. net/ubuntu/ +source/ netcfg
The fix is simple: use Single-Quoted style when outputting SSID or password, which means start and end with a single quote, and replace any instance of ' with ''.
The code compiles, and should work, but is not tested. I have yet to figure out how to run netcfg without generating a modified bootable image and performing an install.