Prevent AP setup with too short password #26

gemenerik · 2025-01-30T15:35:34Z

This PR ensures that the firmware does not attempt to set up an access point if the configured password is shorter than 8 characters. If an invalid password is detected, a warning is logged to inform the user (visible in cfclient console), and the AP setup is skipped.

Fixes #15

ToveRumar · 2025-01-31T13:33:43Z

main/wifi.c

@@ -235,8 +235,12 @@ static void wifi_ctrl(void* _param) {
          if (rxp.data[1] == 0) {
            wifi_init_sta(ssid, key);
          } else {
-            wifi_init_softap(ssid, key);
-          }          
+            if (strlen(key) < 8) {


If we only check the length so it must be longer than 7, we can never set up an AP with open security.

Inside the wifi_init_softap() the authentication mode is set to open if the password is longer than 0.
I would say we should check the invalid range.

Suggested change

if (strlen(key) < 8) {

if (0 < strlen(key) && strlen(key) < 8) {

gemenerik requested a review from ToveRumar January 30, 2025 15:35

Warn user if AP password is too short

cdaf1e4

gemenerik force-pushed the rik/pwwarning branch from e2d105f to cdaf1e4 Compare January 30, 2025 15:54

ToveRumar reviewed Jan 31, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Prevent AP setup with too short password #26

Prevent AP setup with too short password #26

gemenerik commented Jan 30, 2025

ToveRumar Jan 31, 2025

	if (strlen(key) < 8) {
	if (0 < strlen(key) && strlen(key) < 8) {

Prevent AP setup with too short password #26

Are you sure you want to change the base?

Prevent AP setup with too short password #26

Conversation

gemenerik commented Jan 30, 2025

ToveRumar Jan 31, 2025

Choose a reason for hiding this comment