Networks not associated with submitter #27

Open
strasharo opened this issue Mar 8, 2018 · 11 comments

@strasharo
Contributor

A few times on a freshly initialized database using the latest code from git I got this exception on submit:
```
Warning: Parameter 2 to mysqli_stmt::bind_param() expected to be a reference, value given in /var/www/wpacracker/public_html/common.php on line 263

Call Stack:
    0.0001     234240   1. {main}() /var/www/wpacracker/public_html/index.php:0
    0.0003     239224   2. include('/var/www/wpacracker/public_html/content/submit.php') /var/www/wpacracker/public_html/index.php:182
    0.0008     240656   3. submission() /var/www/wpacracker/public_html/content/submit.php:36
    0.0273     265728   4. insert_n2u() /var/www/wpacracker/public_html/common.php:406
    0.0275     267920   5. call_user_func_array:{/var/www/wpacracker/public_html/common.php:263}() /var/www/wpacracker/public_html/common.php:263

Capture submitted successfully
```

And then the submitted networks are not associated with the user that I submitted them with. Looks similar to #13

@RealEnder
Owner

RealEnder commented Mar 8, 2018

Hm, looks the same, but it's something else.
Can you please put var_dump($ref); after

```php
$ref[0] = str_repeat('s', count($ref)-1);
```

and paste the result here?

@RealEnder RealEnder added the bug label Mar 8, 2018
@strasharo
Contributor Author

This is the first submit on a new database:

```
/var/www/wpacracker/public_html/common.php:309:
array(10) {
  [0] => string(9) "sssssssss"
  [1] => string(16) "��k'� c/���j ���"
  [2] => string(16) "L�?UwI�*�I���4�9"
  [3] => string(16) "���0GR�5ؙ��HW��"
  [4] => string(16) "�{��n�F�e�i�����"
  [5] => string(16) "�f��wd&�?�l�W�l�"
  [6] => string(16) "������J3*1�z=���"
  [7] => string(16) " �^�"p����e~A�"
  [8] => string(16) "�e���d�//�����\000~"
  [9] => string(16) "�e���d�//�����\000~"
}

Warning: Parameter 2 to mysqli_stmt::bind_param() expected to be a reference, value given in /var/www/wpacracker/public_html/common.php on line 310

Call Stack:
    0.0001     234240   1. {main}() /var/www/wpacracker/public_html/index.php:0
    0.0002     239224   2. include('/var/www/wpacracker/public_html/content/submit.php') /var/www/wpacracker/public_html/index.php:182
    0.0008     240776   3. submission() /var/www/wpacracker/public_html/content/submit.php:36
    0.0252     266448   4. insert_n2u() /var/www/wpacracker/public_html/common.php:474
    0.0255     268640   5. call_user_func_array:{/var/www/wpacracker/public_html/common.php:310}() /var/www/wpacracker/public_html/common.php:310

Capture submitted successfully
```

@RealEnder
Owner

Just created empty DB and can't reproduce this.
Please make sure you're using PHP 5.5+ and latest HEAD.
Also, there is one caveat for bosskey: you have to first create a user via Get key, then use that key for bosskey in conf.php. Of course, you can change that key to whatever 16-byte value you want, just make sure you change it both in the DB and in conf.php.

@strasharo
Contributor Author

The PHP version is 5.6.33 on CentOS 6.9 and the code is the latest one from git.
So now I repeated the test by setting the bosskey right after I created the first user and got it:

```
/var/www/wpacracker/public_html/common.php:253:
array(10) {
  [0] => string(9) "sssssssss"
  [1] => string(16) "��k'� c/���j ���"
  [2] => string(16) "L�?UwI�*�I���4�9"
  [3] => string(16) "���0GR�5ؙ��HW��"
  [4] => string(16) "�{��n�F�e�i�����"
  [5] => string(16) "�f��wd&�?�l�W�l�"
  [6] => string(16) "������J3*1�z=���"
  [7] => string(16) " �^�"p����e~A�"
  [8] => string(16) "�e���d�//�����\000~"
  [9] => string(16) "�e���d�//�����\000~"
}

Warning: Parameter 2 to mysqli_stmt::bind_param() expected to be a reference, value given in /var/www/wpacracker/public_html/common.php on line 254

Call Stack:
    0.0001     234240   1. {main}() /var/www/wpacracker/public_html/index.php:0
    0.0002     239224   2. include('/var/www/wpacracker/public_html/content/submit.php') /var/www/wpacracker/public_html/index.php:182
    0.0010     240776   3. submission() /var/www/wpacracker/public_html/content/submit.php:36
    0.0264     266448   4. insert_n2u() /var/www/wpacracker/public_html/common.php:418
    0.0272     268640   5. call_user_func_array:{/var/www/wpacracker/public_html/common.php:254}() /var/www/wpacracker/public_html/common.php:254

Capture submitted successfully
```

@RealEnder
Owner

This is strange, since we pass reference value here:
https://github.com/RealEnder/dwpa/blob/master/web/common.php#L411
Can you replace the line `$ref[0] = str_repeat('s', count($ref)-1);` with:

```php
$format = str_repeat('s', count($ref)-1);
$ref[0] = & $format;
var_dump($ref);
```

@strasharo
Contributor Author

```
/var/www/wpacracker/public_html/common.php:255:
array(10) {
  [0] => string(9) "sssssssss"
  [1] => string(16) "��k'� c/���j ���"
  [2] => string(16) "L�?UwI�*�I���4�9"
  [3] => string(16) "���0GR�5ؙ��HW��"
  [4] => string(16) "�{��n�F�e�i�����"
  [5] => string(16) "�f��wd&�?�l�W�l�"
  [6] => string(16) "������J3*1�z=���"
  [7] => string(16) " �^�"p����e~A�"
  [8] => string(16) "�e���d�//�����\000~"
  [9] => string(16) "�e���d�//�����\000~"
}

Warning: Parameter 2 to mysqli_stmt::bind_param() expected to be a reference, value given in /var/www/wpacracker/public_html/common.php on line 256

Call Stack:
    0.0001     234848   1. {main}() /var/www/wpacracker/public_html/index.php:0
    0.0002     239888   2. include('/var/www/wpacracker/public_html/content/submit.php') /var/www/wpacracker/public_html/index.php:182
    0.0009     241440   3. submission() /var/www/wpacracker/public_html/content/submit.php:36
    0.0344     267112   4. insert_n2u() /var/www/wpacracker/public_html/common.php:420
    0.0347     269304   5. call_user_func_array:{/var/www/wpacracker/public_html/common.php:256}() /var/www/wpacracker/public_html/common.php:256

Capture submitted successfully
```

@RealEnder
Owner

Hm, we explicitly defined the $ref[0] value to be a reference and it isn't: [0] => string(9) "sssssssss"
I can't see how this can happen. Maybe it's something CentOS devs patched in PHP for hardening, but that seems unlikely.
Will ask for help from some real PHP developer :)

@strasharo
Contributor Author

strasharo commented Mar 9, 2018

It has Suhosin enabled, maybe that's the issue?

@RealEnder
Owner

Yeah, maybe, can you try to disable the extension?

@RealEnder
Owner

Or enable Suhosin's log to see if it blocked/filtered/altered something?

@strasharo
Contributor Author

strasharo commented Mar 9, 2018

Disabled Suhosin and still got it:
```
/var/www/wpacracker/public_html/common.php:255:
array(10) {
  [0] => string(9) "sssssssss"
  [1] => string(16) "��k'� c/���j ���"
  [2] => string(16) "L�?UwI�*�I���4�9"
  [3] => string(16) "���0GR�5ؙ��HW��"
  [4] => string(16) "�{��n�F�e�i�����"
  [5] => string(16) "�f��wd&�?�l�W�l�"
  [6] => string(16) "������J3*1�z=���"
  [7] => string(16) " �^�"p����e~A�"
  [8] => string(16) "�e���d�//�����\000~"
  [9] => string(16) "�e���d�//�����\000~"
}

Warning: Parameter 2 to mysqli_stmt::bind_param() expected to be a reference, value given in /var/www/wpacracker/public_html/common.php on line 256

Call Stack:
    0.0001     234840   1. {main}() /var/www/wpacracker/public_html/index.php:0
    0.0002     239824   2. include('/var/www/wpacracker/public_html/content/submit.php') /var/www/wpacracker/public_html/index.php:182
    0.0009     241376   3. submission() /var/www/wpacracker/public_html/content/submit.php:36
    0.0246     267064   4. insert_n2u() /var/www/wpacracker/public_html/common.php:420
    0.0249     269256   5. call_user_func_array:{/var/www/wpacracker/public_html/common.php:256}() /var/www/wpacracker/public_html/common.php:256

Capture submitted successfully
```

```
/var/www/wpacracker/public_html/common.php:255:
array(21) {
  [0] => string(20) "ssssssssssssssssssss"
  [1] => string(16) "O_�\000�NT~�>�g-�^�"
  [2] => string(16) "�p��3�a�����w{Y"
  [3] => string(16) ",4�U������!�c3^h"
  [4] => string(16) "�}��.�~4����^W�8"
  [5] => string(16) "�>.��f㗯5��k8��"
  [6] => string(16) "�Q�r�P�#�Z@�����"
  [7] => string(16) "�t�aD�<��1�Wl�-�"
  [8] => string(16) "{O?4g��Pv�d�N��"
  [9] => string(16) "hU��/we)�I5a\�L�"
  [10] => string(16) "<Σ�}�Ιi9z�+�9"
  [11] => string(16) "�-pz��m��~����6""
  [12] => string(16) "��T��+@7/�=�s�p�"
  [13] => string(16) "�7 �b�K]d�pʟ-z9"
  [14] => string(16) "�����YN�R�-�?�K�"
  [15] => string(16) "��1�8/�����z��2"
  [16] => string(16) "o8.�*#���-f ���["
  [17] => string(16) "1u�v�����/\�2�)�"
  [18] => string(16) "���;�э7�0����n�"
  [19] => string(16) ",_�៦���<[vf�\000�"
  [20] => string(16) ",_�៦���<[vf�\000�"
}

Warning: Parameter 2 to mysqli_stmt::bind_param() expected to be a reference, value given in /var/www/wpacracker/public_html/common.php on line 256

Call Stack:
    0.0000     234832   1. {main}() /var/www/wpacracker/public_html/index.php:0
    0.0002     239816   2. include('/var/www/wpacracker/public_html/content/submit.php') /var/www/wpacracker/public_html/index.php:182
    0.0007     241368   3. submission() /var/www/wpacracker/public_html/content/submit.php:36
    0.0207     287760   4. insert_n2u() /var/www/wpacracker/public_html/common.php:420
    0.0209     291072   5. call_user_func_array:{/var/www/wpacracker/public_html/common.php:256}() /var/www/wpacracker/public_html/common.php:256

Capture submitted successfully
```
It appears to be specific to pcap files containing handshakes from multiple networks; so far, if I recall correctly, it hasn't happened to a pcap with a single network handshake in it. I'm reproducing it with a pcap file from wlandump-ng containing handshakes from multiple networks.
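
The calling pattern this thread is debugging (a type string in slot 0 followed by by-reference values, dispatched through `call_user_func_array()`), as an added example that is not part of the thread or of the dwpa code base. `bind_stub()`, `ref_args()` and `bind_checked()` are hypothetical names; the stub stands in for `mysqli_stmt::bind_param()` so the script runs without a database, and the return-value check keeps a failed bind from being followed by a success message.

```php
<?php
// Added illustration, not dwpa code. bind_stub() is a hypothetical stand-in for
// mysqli_stmt::bind_param(): a type string by value, then each variable by reference.
function bind_stub($types, &...$vars)
{
    if (strlen($types) !== count($vars)) {
        return false;                       // one type character per bound variable
    }
    foreach (array_keys($vars) as $i) {
        $vars[$i] = bin2hex($vars[$i]);     // write through so a live reference is visible
    }
    return true;
}

// Build array(types, &$values[0], &$values[1], ...) for call_user_func_array().
// $values is taken by reference so the referenced slots outlive this function.
function ref_args(array &$values)
{
    $args = array(str_repeat('s', count($values)));
    foreach (array_keys($values) as $k) {
        $args[] = &$values[$k];             // a distinct reference per slot, duplicates included
    }
    return $args;
}

// Treat anything other than boolean true from the bind call as a failure.
// With mysqli, $callable would be array($stmt, 'bind_param') (assumption).
function bind_checked($callable, array &$values)
{
    $result = call_user_func_array($callable, ref_args($values));
    if ($result !== true) {
        throw new RuntimeException('bind failed; the statement must not be executed');
    }
    return $values;
}

// Constructed sample: three short byte strings, the last two identical,
// like the repeated final element in the dumps above.
$values = array("\x01\x02", "\xAA\xBB", "\xAA\xBB");
print_r(bind_checked('bind_stub', $values));
```

Passing plain values instead of the array built by `ref_args()` is the situation the "expected to be a reference, value given" warning describes, and whether the callee still runs after that warning depends on the PHP version.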
