Apply a fix for CVE-2026-45255 from FreeBSD

Author: laffer1

usr.sbin/bsdconfig/share/media/wlan.subr

@@ -780,7 +780,7 @@ f_dialog_scan_wireless()
 # f_dialog_wireless_edit $ssid
 #
 # Display a menu to allow the user to either create a new entry for the
-# wpa_supplicants.conf(5) file, or to edit values for an existing entry.
+# wpa_supplicant.conf(5) file, or to edit values for an existing entry.
 #
 # If more than one wireless network is found to match $ssid, a sub-menu is
 # presented, allowing the user to select the desired network.
@@ -813,6 +813,7 @@ f_dialog_wireless_edit()
 		[ $nmatches -le ${#DIALOG_MENU_TAGS} ] || break
 		f_substr -v tag "$DIALOG_MENU_TAGS" $nmatches 1
 
+		f_shell_escape "$wssid" wssid
 		f_wireless_describe WIRELESS_$n help
 		menu_list1="$menu_list1
 			'$tag $wssid' '$wbssid' '$help'
@@ -913,7 +914,7 @@ f_dialog_wireless_edit()
 	#
 	# XXXDT Unfinished
 	# This is where we display a menu that edits the entry
-	# And then we modify the wpa_supplicants.conf(5) config file
+	# And then we modify the wpa_supplicant.conf(5) config file
 	# XXXDT Unfinished
 	#
 
@@ -1076,6 +1077,7 @@ f_menu_wireless_configs()
 	while [ $n -lt $nunique ]; do
 		n=$(( $n + 1 ))
 		menuitem_$n get ssid ssid
+		f_shell_escape "$ssid" ssid
 
 		menuitem_$n get nconfigs nconfigs
 		desc="$nconfigs $msg_configured_lc"
@@ -1184,6 +1186,7 @@ f_menu_wpa_scan_results()
 	while [ $n -lt $nunique ]; do
 		n=$(( $n + 1 ))
 		menuitem_$n get ssid ssid
+		f_shell_escape "$ssid" ssid
 
 		desc=
 		if [ "$DIALOG_MENU_WLAN_SHOW_ALL" ]; then
@@ -1207,7 +1210,7 @@ f_menu_wpa_scan_results()
 
 # f_dialog_menu_wireless_edit
 #
-# Display a list of wireless networks configured in wpa_supplicants.conf(5) and
+# Display a list of wireless networks configured in wpa_supplicant.conf(5) and
 # (if wpa_supplicant(8) is running) also displays scan results for unconfigured
 # wireless networks.
 #
@@ -1246,7 +1249,7 @@ f_dialog_menu_wireless_edit()
 		fi
 		if [ "$do_parse" -a "$DIALOG_MENU_WLAN_SHOW_CONFIGURED" ]
 		then
-			f_dprintf "$funcname: Parsing wpa_supplicants.conf(5)"
+			f_dprintf "$funcname: Parsing wpa_supplicant.conf(5)"
 			f_wpa_supplicant_parse "$conf_file" \
 			                       WIRELESS_ NWIRELESS_CONFIGS
 			f_dprintf "%s: Parsed %i wireless configurations" \
@@ -1261,7 +1264,7 @@ f_dialog_menu_wireless_edit()
 
 			#
 			# Add both items scanned from the airwaves and networks
-			# parsed from wpa_supplicants.conf(5). Latter items are
+			# parsed from wpa_supplicant.conf(5). Latter items are
 			# marked, sorted, and added to top of list above the
 			# former (which are unmarked and sorted separately).
 			#

usr.sbin/bsdinstall/scripts/wlanconfig

@@ -55,7 +55,8 @@ country_set()
 		"$WLAN_IFACE" "$ifconfig_args"
 	error_str="${error_str#ifconfig: }"
 	# Restart wpa_supplicant(8) (should not fail).
-	[ "$iface_up" ] && f_eval_catch -d wlanconfig wpa_supplicant \
+	[ "$iface_up" ] && ifconfig "$WLAN_IFACE" up && \
+	    f_eval_catch -d wlanconfig wpa_supplicant \
 		'wpa_supplicant -B -i "%s" -c "%s/wpa_supplicant.conf"' \
 		"$WLAN_IFACE" "$BSDINSTALL_TMPETC"
 	if [ "$error_str" ]; then
@@ -91,7 +92,7 @@ dialog_country_select()
 		sub(/.*domains:/, ""), /[^[:alnum:][[:space:]]/ {
 			n = split($0, domains)
 			for (i = 1; i <= n; i++)
-				printf "'\''%s'\'' '\'\''", domains[i]
+				printf "'\''%s'\'' '\'\''\n", domains[i]
 		}
 	' | sort )
 	countries=$( echo "$input" | awk '
@@ -146,6 +147,34 @@ dialog_country_select()
 	country_set "$regdomain" "$country"
 }
 
+dialog_network_select()
+{
+	local ssid flags height width rows prompt
+
+	# Avoid using eval on untrusted data.
+	set --
+	while IFS=$'\t' read -r ssid flags; do
+		[ -n "$ssid" ] || continue
+		set -- "$@" "$ssid" "$flags"
+	done <<EOF
+$NETWORKS
+EOF
+
+	f_dialog_title "Network Selection"
+	prompt="Select a wireless network to connect to."
+	f_dialog_menu_size height width rows \
+		"$DIALOG_TITLE" "$DIALOG_BACKTITLE" "$prompt" "" "$@"
+	$DIALOG \
+		--title "$DIALOG_TITLE"         \
+		--backtitle "$DIALOG_BACKTITLE" \
+		--extra-button                  \
+		--extra-label "Rescan"          \
+		--menu "$prompt"                \
+		$height $width $rows            \
+		"$@"                            \
+		2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
+}
+
 ############################################################ MAIN
 
 : > "$BSDINSTALL_TMPETC/wpa_supplicant.conf"
@@ -199,36 +228,28 @@ fi
 
 while :; do
 	SCANSSID=0
+	# While wpa_supplicant may IFF_UP the interface, we do not want to rely
+	# in this.  In case the script is run manually (outside the installer,
+	# e.g., for testing) wpa_supplicant may be running and the wlanN
+	# interface may be down (especially if dialog_country_select is not
+	# run successfully either) and scanning will not work.
+	f_eval_catch -d wlanconfig ifconfig "ifconfig $WLAN_IFACE up"
 	f_eval_catch -d wlanconfig wpa_cli "wpa_cli scan"
 	f_dialog_title "Scanning"
 	f_dialog_pause "Waiting 5 seconds to scan for wireless networks..." 5 ||
 		exit 1
 
 	f_eval_catch -dk SCAN_RESULTS wlanconfig wpa_cli "wpa_cli scan_results"
 	NETWORKS=$( echo "$SCAN_RESULTS" | awk -F '\t' '
-		/..:..:..:..:..:../ && $5 { printf "\"%s\"\t\"%s\"\n", $5, $4 }
+		/..:..:..:..:..:../ && $5 { print $5 "\t" $4 }
 	' | sort | uniq )
 
 	if [ ! "$NETWORKS" ]; then
 		f_dialog_title "$msg_error"
 		f_yesno "No wireless networks were found. Rescan?" && continue
-		exit 1
+	else
+		NETWORK=$( dialog_network_select )
 	fi
-
-	f_dialog_title "Network Selection"
-	prompt="Select a wireless network to connect to."
-	f_dialog_menu_size height width rows "$DIALOG_TITLE" \
-		"$DIALOG_BACKTITLE" "$prompt" "" $menu_list
-	NETWORK=$( eval $DIALOG \
-		--title \"\$DIALOG_TITLE\"         \
-		--backtitle \"\$DIALOG_BACKTITLE\" \
-		--extra-button                     \
-		--extra-label \"Rescan\"           \
-		--menu \"\$prompt\"                \
-		$height $width $rows               \
-		$NETWORKS                          \
-		2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
-	)
 	retval=$?
 	f_dialog_data_sanitize NETWORK
 	case $retval in
@@ -264,7 +285,7 @@ while :; do
 done
 
 [ "$ENCRYPTION" ] || ENCRYPTION=$( echo "$NETWORKS" |
-	awk -F '\t' "/^\"$NETWORK\"\t/ { print \$2 }" )
+	awk -F '\t' "/^$NETWORK\t/ { print \$2 }" )
 
 if echo "$ENCRYPTION" | grep -q PSK; then
 	PASS=$( $DIALOG \