blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-10 09:39:10 -04:00
Code Issues Projects Releases Wiki Activity

fix(esp_wifi): Fix stack corruption in wpa3 task

Browse Source
This commit is contained in:
Kapil Gupta 2025-02-12 23:14:53 +05:30
parent 5d9db0b972
commit 22dd269b53
1 changed files with 11 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
View File

@ -409,38 +409,32 @@ SemaphoreHandle_t g_wpa3_hostap_auth_api_lock = NULL;
int wpa3_hostap_post_evt(uint32_t evt_id, uint32_t data) int wpa3_hostap_post_evt(uint32_t evt_id, uint32_t data)
{ {
wpa3_hostap_auth_event_t *evt = os_zalloc(sizeof(wpa3_hostap_auth_event_t)); wpa3_hostap_auth_event_t evt;
if (evt == NULL) {
return ESP_FAIL; evt.id = evt_id;
} evt.data = data;
evt->id = evt_id;
evt->data = data;
if (g_wpa3_hostap_auth_api_lock) { if (g_wpa3_hostap_auth_api_lock) {
WPA3_HOSTAP_AUTH_API_LOCK(); WPA3_HOSTAP_AUTH_API_LOCK();
if (g_wpa3_hostap_evt_queue == NULL) { if (g_wpa3_hostap_evt_queue == NULL) {
WPA3_HOSTAP_AUTH_API_UNLOCK(); WPA3_HOSTAP_AUTH_API_UNLOCK();
os_free(evt);
wpa_printf(MSG_DEBUG, "hostap evt queue NULL"); wpa_printf(MSG_DEBUG, "hostap evt queue NULL");
return ESP_FAIL; return ESP_FAIL;
} }
} else { } else {
os_free(evt);
wpa_printf(MSG_DEBUG, "g_wpa3_hostap_auth_api_lock not found"); wpa_printf(MSG_DEBUG, "g_wpa3_hostap_auth_api_lock not found");
return ESP_FAIL; return ESP_FAIL;
} }
if (evt->id == SIG_WPA3_RX_CONFIRM || evt->id == SIG_TASK_DEL) { if (evt.id == SIG_WPA3_RX_CONFIRM || evt.id == SIG_TASK_DEL) {
/* prioritising confirm for completing handshake for committed sta */ /* prioritising confirm for completing handshake for committed sta */
if (os_queue_send_to_front(g_wpa3_hostap_evt_queue, &evt, 0) != pdPASS) { if (os_queue_send_to_front(g_wpa3_hostap_evt_queue, &evt, 0) != pdPASS) {
WPA3_HOSTAP_AUTH_API_UNLOCK(); WPA3_HOSTAP_AUTH_API_UNLOCK();
wpa_printf(MSG_DEBUG, "failed to add msg to queue front"); wpa_printf(MSG_DEBUG, "failed to add msg to queue front");
os_free(evt);
return ESP_FAIL; return ESP_FAIL;
} }
} else { } else {
if (os_queue_send(g_wpa3_hostap_evt_queue, &evt, 0) != pdPASS) { if (os_queue_send(g_wpa3_hostap_evt_queue, &evt, 0) != pdPASS) {
WPA3_HOSTAP_AUTH_API_UNLOCK(); WPA3_HOSTAP_AUTH_API_UNLOCK();
os_free(evt);
wpa_printf(MSG_DEBUG, "failed to send msg to queue"); wpa_printf(MSG_DEBUG, "failed to send msg to queue");
return ESP_FAIL; return ESP_FAIL;
} }
@ -549,18 +543,18 @@ done:
static void esp_wpa3_hostap_task(void *pvParameters) static void esp_wpa3_hostap_task(void *pvParameters)
{ {
wpa3_hostap_auth_event_t *evt; wpa3_hostap_auth_event_t evt;
bool task_del = false; bool task_del = false;
while (1) { while (1) {
if (os_queue_recv(g_wpa3_hostap_evt_queue, &evt, portMAX_DELAY) == pdTRUE) { if (os_queue_recv(g_wpa3_hostap_evt_queue, &evt, portMAX_DELAY) == pdTRUE) {
switch (evt->id) { switch (evt.id) {
case SIG_WPA3_RX_COMMIT: { case SIG_WPA3_RX_COMMIT: {
wpa3_process_rx_commit(evt); wpa3_process_rx_commit(&evt);
break; break;
} }
case SIG_WPA3_RX_CONFIRM: { case SIG_WPA3_RX_CONFIRM: {
wpa3_process_rx_confirm(evt); wpa3_process_rx_confirm(&evt);
break; break;
} }
case SIG_TASK_DEL: case SIG_TASK_DEL:
@ -569,7 +563,6 @@ static void esp_wpa3_hostap_task(void *pvParameters)
default: default:
break; break;
} }
os_free(evt);
if (task_del) { if (task_del) {
break; break;
@ -580,10 +573,9 @@ static void esp_wpa3_hostap_task(void *pvParameters)
while(items_in_queue--) { while(items_in_queue--) {
/* Free events posted to queue */ /* Free events posted to queue */
os_queue_recv(g_wpa3_hostap_evt_queue, &evt, portMAX_DELAY); os_queue_recv(g_wpa3_hostap_evt_queue, &evt, portMAX_DELAY);
if (evt->id == SIG_WPA3_RX_CONFIRM) { if (evt.id == SIG_WPA3_RX_CONFIRM) {
os_free((void *)evt->data); os_free((void *)evt.data);
} }
os_free(evt);
} }
os_queue_delete(g_wpa3_hostap_evt_queue); os_queue_delete(g_wpa3_hostap_evt_queue);
g_wpa3_hostap_evt_queue = NULL; g_wpa3_hostap_evt_queue = NULL;