fix(esp_wifi): Fixed memory corruption in wifi enterprise

Closes https://github.com/espressif/esp-idf/issues/15370
Kapil Gupta 2025-02-12 14:21:11 +05:30
parent f428a1e784
commit 4d83458e6b


@ -196,7 +196,7 @@ static void wpa2_rxq_deinit(void)
void wpa2_task(void *pvParameters) void wpa2_task(void *pvParameters)
{ {
ETSEvent *e; ETSEvent e;
struct eap_sm *sm = gEapSm; struct eap_sm *sm = gEapSm;
bool task_del = false; bool task_del = false;
@ -206,16 +206,16 @@ void wpa2_task(void *pvParameters)
for (;;) { for (;;) {
if (TRUE == os_queue_recv(s_wpa2_queue, &e, OS_BLOCK)) { if (TRUE == os_queue_recv(s_wpa2_queue, &e, OS_BLOCK)) {
if (e->sig < SIG_WPA2_MAX) { if (e.sig < SIG_WPA2_MAX) {
DATA_MUTEX_TAKE(); DATA_MUTEX_TAKE();
if (sm->wpa2_sig_cnt[e->sig]) { if (sm->wpa2_sig_cnt[e.sig]) {
sm->wpa2_sig_cnt[e->sig]--; sm->wpa2_sig_cnt[e.sig]--;
} else { } else {
wpa_printf(MSG_ERROR, "wpa2_task: invalid sig cnt, sig=%" PRId32 " cnt=%d", e->sig, sm->wpa2_sig_cnt[e->sig]); wpa_printf(MSG_ERROR, "wpa2_task: invalid sig cnt, sig=%" PRId32 " cnt=%d", e.sig, sm->wpa2_sig_cnt[e.sig]);
} }
DATA_MUTEX_GIVE(); DATA_MUTEX_GIVE();
} }
switch (e->sig) { switch (e.sig) {
case SIG_WPA2_TASK_DEL: case SIG_WPA2_TASK_DEL:
task_del = true; task_del = true;
break; break;
@ -235,12 +235,9 @@ void wpa2_task(void *pvParameters)
default: default:
break; break;
} }
os_free(e); if (task_del) {
} break;
}
if (task_del) {
break;
} else {
if (s_wifi_wpa2_sync_sem) { if (s_wifi_wpa2_sync_sem) {
wpa_printf(MSG_DEBUG, "EAP: wifi->EAP api completed"); wpa_printf(MSG_DEBUG, "EAP: wifi->EAP api completed");
os_semphr_give(s_wifi_wpa2_sync_sem); os_semphr_give(s_wifi_wpa2_sync_sem);
@ -268,6 +265,7 @@ void wpa2_task(void *pvParameters)
int wpa2_post(uint32_t sig, uint32_t par) int wpa2_post(uint32_t sig, uint32_t par)
{ {
struct eap_sm *sm = gEapSm; struct eap_sm *sm = gEapSm;
ETSEvent evt;
if (!sm) { if (!sm) {
return ESP_FAIL; return ESP_FAIL;
@ -277,28 +275,20 @@ int wpa2_post(uint32_t sig, uint32_t par)
if (sm->wpa2_sig_cnt[sig]) { if (sm->wpa2_sig_cnt[sig]) {
DATA_MUTEX_GIVE(); DATA_MUTEX_GIVE();
return ESP_OK; return ESP_OK;
}
sm->wpa2_sig_cnt[sig]++;
DATA_MUTEX_GIVE();
evt.sig = sig;
evt.par = par;
if (os_queue_send(s_wpa2_queue, &evt, os_task_ms_to_tick(10)) != TRUE) {
wpa_printf(MSG_ERROR, "EAP: Q S E");
return ESP_FAIL;
}
if (s_wifi_wpa2_sync_sem) {
os_semphr_take(s_wifi_wpa2_sync_sem, OS_BLOCK);
wpa_printf(MSG_DEBUG, "EAP: EAP api return, sm->state(%d)", sm->finish_state);
} else { } else {
ETSEvent *evt = (ETSEvent *)os_malloc(sizeof(ETSEvent)); wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem");
if (evt == NULL) {
wpa_printf(MSG_ERROR, "EAP: E N M");
DATA_MUTEX_GIVE();
return ESP_FAIL;
}
sm->wpa2_sig_cnt[sig]++;
DATA_MUTEX_GIVE();
evt->sig = sig;
evt->par = par;
if (os_queue_send(s_wpa2_queue, &evt, os_task_ms_to_tick(10)) != TRUE) {
wpa_printf(MSG_ERROR, "EAP: Q S E");
return ESP_FAIL;
} else {
if (s_wifi_wpa2_sync_sem) {
os_semphr_take(s_wifi_wpa2_sync_sem, OS_BLOCK);
wpa_printf(MSG_DEBUG, "EAP: EAP api return, sm->state(%d)", sm->finish_state);
} else {
wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem");
}
}
} }
return ESP_OK; return ESP_OK;
} }
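Review bot: In `wpa2_post`, a failed `os_queue_send` returns `ESP_FAIL` but leaves `sm->wpa2_sig_cnt[sig]` incremented, so every later post of that signal takes the early `return ESP_OK` path without queueing anything, and `wpa2_task` never gets to decrement the count. Undo the count on the failure path before returning: `DATA_MUTEX_TAKE(); sm->wpa2_sig_cnt[sig]--; DATA_MUTEX_GIVE();`. Separately, the event now travels by value (`ETSEvent e` in `wpa2_task`, `ETSEvent evt` here), which is only memory-safe if `s_wpa2_queue` was created with an item size of `sizeof(ETSEvent)`; the creation call is outside this diff, so that should be confirmed. `wpa2_post` also indexes `wpa2_sig_cnt[sig]` with no visible `sig < SIG_WPA2_MAX` check like the one in `wpa2_task`, though the lines between the hunks are not shown.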