View Issue Details

IDProjectCategoryView StatusLast Update
0000302easycwmpBugpublic2018-06-25 18:42
Reporterhmh Assigned Toemna.trigui@pivasoftware.com  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
OSOpenWRTOS VersionChaos_Calmer 
Summary0000302: Does not filter illegal characters in DEVICE_PRODUCT, interacts badly with some ACSes
DescriptionEasycwmp does not filter characters like "/" in DEVICE_PRODUCT (which are common in several router model names in OpenWRT/LEDE).

With FreeACS, this results in major issues when attempting to provision new firmware to the units, because the file path will have an extra "/" in it (which is not a path separator), and therefore the firmware data file cannot be found, ever.
Steps To ReproduceProvision a TP-Link TL-WDR842ND with OpenWRT, and attempt to update its firmware using FreeACS.

This results in an attempt to download an illegal file name that has an "/" in it, because the contents of /etc/device_info are:

DEVICE_MANUFACTURER='TP-LINK'
DEVICE_PRODUCT='SIMETBOX-TP-LINKTL-WR842N/NDv2'
DEVICE_REVISION='v0'

And this results in an illegal URI due to the forward slash in "WR842N/NDv2".
Additional InformationChanging the init.d/easycwmp script with the attached patch fixes the issue, although I am not sure this is the best way to do it. If anything, it illustrates what the issue is better than my description of it...
TagsNo tags attached.
e-mail notification

Activities

hmh

2017-10-18 18:10

reporter  

easycwmp_init.d_badchars.patch (1,916 bytes)   
commit 7cb7f2f9c7bab3a7005fcd35eeeb262ef446c971
Author: Henrique de Moraes Holschuh <henrique@nic.br>
Date:   Tue Oct 17 16:40:55 2017 -0200

    easycwmp: replace characters that will cause trouble with URIs
    
    Not everything will URL-encode correctly, and this can play very
    badly with some ACS servers, e.g., on firmware filenames.  So,
    replace with "_" any characters that are too weird to allow through
    on IDs, names, labels and URIs.

diff --git a/easycwmp-1.6.0/ext/openwrt/init.d/easycwmpd b/easycwmp-1.6.0/ext/openwrt/init.d/easycwmpd
index 2bef646..df56c2c 100644
--- a/easycwmp-1.6.0/ext/openwrt/init.d/easycwmpd
+++ b/easycwmp-1.6.0/ext/openwrt/init.d/easycwmpd
@@ -13,15 +13,15 @@ init_device_info() {
 	local val oval
 	local change=0
 
-	val=`cat "/etc/device_info" | grep "DEVICE_MANUFACTURER" | cut -f 2 -d '=' | sed "s/['\"]//g"`
+	val=`cat "/etc/device_info" | grep "DEVICE_MANUFACTURER" | cut -f 2 -d '=' | sed -e "s/['\"]//g" -e "s'[]:/?#[@!$&()*+,;=]'_'g"`
 	oval=`$UCI_GET easycwmp.@device[0].manufacturer`
 	[ -n "$val" -a "$val" != "$oval" ] && { $UCI_SET easycwmp.@device[0].manufacturer="$val"; change=1; }
 
-	val=`cat "/etc/device_info" | grep "DEVICE_PRODUCT" | cut -f 2 -d '=' | sed "s/['\"]//g"`
+	val=`cat "/etc/device_info" | grep "DEVICE_PRODUCT" | cut -f 2 -d '=' | sed -e "s/['\"]//g" -e "s'[]:/?#[@!$&()*+,;=]'_'g"`
 	oval=`$UCI_GET easycwmp.@device[0].product_class`
 	[ -n "$val" -a "$val" != "$oval" ] && { $UCI_SET easycwmp.@device[0].product_class="$val"; change=1; }
 
-	val=`cat "/etc/device_info" | grep "DEVICE_REVISION" | cut -f 2 -d '=' | sed "s/['\"]//g"`
+	val=`cat "/etc/device_info" | grep "DEVICE_REVISION" | cut -f 2 -d '=' | sed -e "s/['\"]//g" -e "s'[]:/?#[@!$&()*+,;=]'_'g"`
 	oval=`$UCI_GET easycwmp.@device[0].hardware_version`
 	[ -n "$val" -a "$val" != "$oval" ] && { $UCI_SET easycwmp.@device[0].hardware_version="$val"; change=1; }
 
easycwmp_init.d_badchars.patch (1,916 bytes)   

emna.trigui@pivasoftware.com

2018-06-25 18:42

developer   ~0000882

Delivered in EasyCwmp-1.7.0

Issue History

Date Modified Username Field Change
2017-10-18 18:10 hmh New Issue
2017-10-18 18:10 hmh File Added: easycwmp_init.d_badchars.patch
2018-06-25 18:42 emna.trigui@pivasoftware.com Note Added: 0000882
2018-06-25 18:42 emna.trigui@pivasoftware.com Status new => resolved
2018-06-25 18:42 emna.trigui@pivasoftware.com Resolution open => fixed
2018-06-25 18:42 emna.trigui@pivasoftware.com Assigned To => emna.trigui@pivasoftware.com