cli: fixed the passwd command corrupting memory and security

modules/cli/CLI_Commands.c

@@ -2077,8 +2077,6 @@ static portBASE_TYPE prvTaskUserCommand(cli_state_t *cli_state, int8_t *pcWriteB
             strncpy( ( char * ) pcWriteBuffer, ( const char * ) pcInvalidCommand, strlen( ( char * ) pcInvalidCommand ) );
         } else {
             strncat(temp_str, ( const char * ) pcParameterString, strlen(( const char * ) pcParameterString));
-            // FIXME proper context
-#if 1
             for (user_id = 0; user_id < MAX_WEB_USERS; user_id++) {
 
                 GetUserLogin(user_id, WebLogin, &valueLen);
@@ -2094,7 +2092,6 @@ static portBASE_TYPE prvTaskUserCommand(cli_state_t *cli_state, int8_t *pcWriteB
                 }
             }
             if (cli_state->input_state != CLI_CHANGE_PWD) {
-#endif
                 strncpy( ( char * ) pcWriteBuffer, ( const char * ) pcInvalidCommand, strlen( ( char * ) pcInvalidCommand ) );
             }
         }

modules/cli/cli.c

@@ -69,57 +69,41 @@ static char *get_user_name(user_level_t user_id)
 	return username;
 }
 
-static portBASE_TYPE FreeRTOS_ChangePWDProcess( int8_t * pcWriteBuffer, cli_state_t *s)
+static void FreeRTOS_ChangePWDProcess( int8_t * pcWriteBuffer, cli_state_t *s)
 {
-	portBASE_TYPE xReturn = pdTRUE;
-	uint32_t len;
-	static char password[ MAX_WEB_PASSWD_LEN ] = { 0 };
-	char password2[ MAX_WEB_PASSWD_LEN ] = { 0 };
+	static char password[MAX_WEB_PASSWD_LEN];	// trading reentrancy for memory
 	const int8_t * const pcNewPSWHeader = ( int8_t * ) "\r\nВведите повторно новый пароль:";
 
 	memset(pcWriteBuffer, 0, configCOMMAND_INT_MAX_OUTPUT_SIZE);
 
-	len = strlen(s->buf);
+	uint32_t len = strlen(s->buf);
+	if (len >= MAX_WEB_PASSWD_LEN) {
+		strcpy((char *)pcWriteBuffer, "\r\nНовый пароль слишком длинный!\r\n>");
+		s->input_state = CLI_CMD;
+		return;
+	}
+
 	if(s->input_state == CLI_CHANGE_PWD){
 		memset(password, 0, MAX_WEB_PASSWD_LEN);
-		if(len >= MAX_WEB_PASSWD_LEN){
+		if(!control_string_en_digit(s->buf, len)){
 			strcpy( ( char * ) pcWriteBuffer, "\r\nОшибка при вводе нового пароля\r\n>" );
 			s->input_state = CLI_CMD;
 		} else {
-			if(!control_string_en_digit(s->buf, len)){
-				strcpy( ( char * ) pcWriteBuffer, "\r\nОшибка при вводе нового пароля\r\n>" );
-				s->input_state = CLI_CMD;
-			} else {
-				strncpy(password, s->buf, len);
-				strncpy( ( char * ) pcWriteBuffer, ( const char * ) pcNewPSWHeader, strlen( ( char * ) pcNewPSWHeader ) );
-				s->input_state = CLI_CHANGE_PWD_ACK;
-			}
+			strncpy(password, s->buf, len);
+			strncpy( ( char * ) pcWriteBuffer, ( const char * ) pcNewPSWHeader, strlen( ( char * ) pcNewPSWHeader ) );
+			s->input_state = CLI_CHANGE_PWD_ACK;
 		}
 	} else {
-		s->input_state = CLI_CHANGE_PWD;
-		memset(password2, 0, cmdMAX_INPUT_SIZE);
-		if(len >= MAX_WEB_LOGIN_LEN){
-			strcpy( ( char * ) pcWriteBuffer, "\r\nОшибка при вводе нового пароля\r\n>" );
-			s->input_state = CLI_CMD;
+		if (strncmp(password, s->buf, MAX_WEB_PASSWD_LEN) == 0) {
+			memcpy(sSettings.sAuth[s->id_change_pwd].password, password, 11);
+			cli_save_config(s);
+			log_event_data(LOG_PSW_CHANGE, get_user_name(s->user_id));
+			strcpy( ( char * ) pcWriteBuffer, "\r\nПароль успешно изменен\r\n>" );
 		} else {
-			strncpy(password2, s->buf, len);
-			
-			if (strncmp(password, password2, MAX_WEB_PASSWD_LEN) == 0) {
-				memcpy(sSettings.sAuth[s->id_change_pwd].password, password, 11);
-				cli_save_config(s);
-				log_event_data(LOG_PSW_CHANGE, get_user_name(s->user_id));
-				strcpy( ( char * ) pcWriteBuffer, "\r\nПароль успешно изменен\r\n>" );
-				s->input_state = CLI_CMD;
-				xReturn = pdTRUE;
-			} else {
-				strcpy( ( char * ) pcWriteBuffer, "\r\nОшибка при вводе нового пароля\r\n>" );
-				s->input_state = CLI_CMD;
-			}
-			
+			strcpy( ( char * ) pcWriteBuffer, "\r\nОшибка при вводе нового пароля\r\n>" );
 		}
+		s->input_state = CLI_CMD;
 	}
-
-	return xReturn;
 }