gitea-mirror/esp8266_deauther
1
0
Fork 0
mirror of https://github.com/SpacehuhnTech/esp8266_deauther.git synced 2025-12-23 07:29:20 -08:00
Code Issues Packages Projects Releases Wiki Activity

Improved Json sanitization

Browse Source 
It was important to fix this bug. It can let someone to prevent the esp8266 from scanning for APs just by sending beacons containing specifics characters in AP name.
Those characters will make the browser to misunderstand the json result of APScan.
For exemple if you put an anti-slash at the end of an AP name, you're browser will think that the " character of json delimitation is escaped and will interpret it as a ascii character.

-Created a sanitize method. APScan::sanitizeJson(String) to escape specific characters.

-SanitizeJson is used each time the result of getAPName is sent using Json data format.

- Removed _ssid.replace("\"", "\\\"")
It's important to not sanitize Ap names before saving them into a limited 33 chararacters array. Sanitize an AP name increase his size and so it can potentially decrease his final size when casted to a 33 chars array.
This commit is contained in:
Aurélien Hernandez
2017-10-24 09:42:12 +02:00
parent 581b3e2adb
commit dc23c6494f
2 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
esp8266_deauther/APScan.cpp
View File

@@ -29,7 +29,6 @@ bool APScan::start() {
encryption[i] = WiFi.encryptionType(i);
hidden[i] = WiFi.isHidden(i);
String _ssid = WiFi.SSID(i);
_ssid.replace("\"", "\\\"");
_ssid.toCharArray(names[i], 33);
//data_getVendor(WiFi.BSSID(i)[0],WiFi.BSSID(i)[1],WiFi.BSSID(i)[2]).toCharArray(vendors[i],9);
if (debug) {
@@ -136,6 +135,18 @@ int APScan::getFirstTarget() {
return -1;
}
String APScan::sanitizeJson(String input){
input.replace("\\","\\\\");
input.replace("\"","\\\"");
input.replace("/","\\/");
input.replace("\b","\\b");
input.replace("\f","\\f");
input.replace("\n","\\n");
input.replace("\r","\\r");
input.replace("\t","\\t");
return input;
}
void APScan::sendResults() {
if (debug) Serial.print("sending AP scan result JSON ");
@@ -158,7 +169,7 @@ void APScan::sendResults() {
_size += 61;
_size += String(i).length();
_size += String(getAPChannel(i)).length();
_size += getAPName(i).length();
_size += sanitizeJson(getAPName(i)).length();
_size += String(getAPRSSI(i)).length();
if ((i != results - 1) && (i != maxAPScanResults - 1)) _size++; // ,
@@ -178,7 +189,7 @@ void APScan::sendResults() {
json += "\"i\":" + (String)i + ",";
json += "\"c\":" + (String)getAPChannel(i) + ",";
json += "\"m\":\"" + getAPMac(i) + "\",";
json += "\"ss\":\"" + getAPName(i) + "\",";
json += "\"ss\":\"" + sanitizeJson(getAPName(i)) + "\",";
json += "\"r\":" + (String)getAPRSSI(i) + ",";
json += "\"e\":" + (String)encryption[i] + ",";
//json += "\"v\":\""+getAPVendor(i)+"\",";
@@ -211,7 +222,7 @@ String APScan::getResultsJSON() {
json += "\"i\":" + (String)i + ",";
json += "\"c\":" + (String)getAPChannel(i) + ",";
json += "\"m\":\"" + getAPMac(i) + "\",";
json += "\"ss\":\"" + getAPName(i) + "\",";
json += "\"ss\":\"" + sanitizeJson(getAPName(i)) + "\",";
json += "\"r\":" + (String)getAPRSSI(i) + ",";
json += "\"e\":" + (String)encryption[i] + ",";
//json += "\"v\":\""+getAPVendor(i)+"\",";

2
esp8266_deauther/APScan.h
View File

@@ -39,6 +39,8 @@ class APScan {
int getFirstTarget();
bool isSelected(int num);
String sanitizeJson(String input);
int results = 0;
int selectedSum;
MacList aps;