blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-09 17:19:09 -04:00
Code Issues Projects Releases Wiki Activity

fix(esp_wifi): Fixed memory corruption in wifi enterprise

Browse Source 
Closes https://github.com/espressif/esp-idf/issues/15370
This commit is contained in:
Kapil Gupta 2025-02-12 14:21:11 +05:30
parent f428a1e784
commit 4d83458e6b
1 changed files with 23 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c
View File

@ -196,7 +196,7 @@ static void wpa2_rxq_deinit(void)
void wpa2_task(void *pvParameters)
{
ETSEvent *e;
ETSEvent e;
struct eap_sm *sm = gEapSm;
bool task_del = false;
@ -206,16 +206,16 @@ void wpa2_task(void *pvParameters)
for (;;) {
if (TRUE == os_queue_recv(s_wpa2_queue, &e, OS_BLOCK)) {
if (e->sig < SIG_WPA2_MAX) {
if (e.sig < SIG_WPA2_MAX) {
DATA_MUTEX_TAKE();
if (sm->wpa2_sig_cnt[e->sig]) {
sm->wpa2_sig_cnt[e->sig]--;
if (sm->wpa2_sig_cnt[e.sig]) {
sm->wpa2_sig_cnt[e.sig]--;
} else {
wpa_printf(MSG_ERROR, "wpa2_task: invalid sig cnt, sig=%" PRId32 " cnt=%d", e->sig, sm->wpa2_sig_cnt[e->sig]);
wpa_printf(MSG_ERROR, "wpa2_task: invalid sig cnt, sig=%" PRId32 " cnt=%d", e.sig, sm->wpa2_sig_cnt[e.sig]);
}
DATA_MUTEX_GIVE();
}
switch (e->sig) {
switch (e.sig) {
case SIG_WPA2_TASK_DEL:
task_del = true;
break;
@ -235,12 +235,9 @@ void wpa2_task(void *pvParameters)
default:
break;
}
os_free(e);
}
if (task_del) {
break;
} else {
if (task_del) {
break;
}
if (s_wifi_wpa2_sync_sem) {
wpa_printf(MSG_DEBUG, "EAP: wifi->EAP api completed");
os_semphr_give(s_wifi_wpa2_sync_sem);
@ -268,6 +265,7 @@ void wpa2_task(void *pvParameters)
int wpa2_post(uint32_t sig, uint32_t par)
{
struct eap_sm *sm = gEapSm;
ETSEvent evt;
if (!sm) {
return ESP_FAIL;
@ -277,28 +275,20 @@ int wpa2_post(uint32_t sig, uint32_t par)
if (sm->wpa2_sig_cnt[sig]) {
DATA_MUTEX_GIVE();
return ESP_OK;
}
sm->wpa2_sig_cnt[sig]++;
DATA_MUTEX_GIVE();
evt.sig = sig;
evt.par = par;
if (os_queue_send(s_wpa2_queue, &evt, os_task_ms_to_tick(10)) != TRUE) {
wpa_printf(MSG_ERROR, "EAP: Q S E");
return ESP_FAIL;
}
if (s_wifi_wpa2_sync_sem) {
os_semphr_take(s_wifi_wpa2_sync_sem, OS_BLOCK);
wpa_printf(MSG_DEBUG, "EAP: EAP api return, sm->state(%d)", sm->finish_state);
} else {
ETSEvent *evt = (ETSEvent *)os_malloc(sizeof(ETSEvent));
if (evt == NULL) {
wpa_printf(MSG_ERROR, "EAP: E N M");
DATA_MUTEX_GIVE();
return ESP_FAIL;
}
sm->wpa2_sig_cnt[sig]++;
DATA_MUTEX_GIVE();
evt->sig = sig;
evt->par = par;
if (os_queue_send(s_wpa2_queue, &evt, os_task_ms_to_tick(10)) != TRUE) {
wpa_printf(MSG_ERROR, "EAP: Q S E");
return ESP_FAIL;
} else {
if (s_wifi_wpa2_sync_sem) {
os_semphr_take(s_wifi_wpa2_sync_sem, OS_BLOCK);
wpa_printf(MSG_DEBUG, "EAP: EAP api return, sm->state(%d)", sm->finish_state);
} else {
wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem");
}
}
wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem");
}
return ESP_OK;
}