From 698392735c32e0b6700b200ea29d81a7238bc9fd Mon Sep 17 00:00:00 2001
From: Kapil Gupta <kapil.gupta@espressif.com>
Date: Wed, 12 Feb 2025 21:22:25 +0530
Subject: [PATCH] fix(esp_wifi): fixed Stack corruption in DPP task

---
 .../esp_supplicant/src/esp_dpp.c              | 28 ++++++-------------
 1 file changed, 9 insertions(+), 19 deletions(-)

diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
index 9d9e168fc0..840d88a6ea 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
@@ -42,15 +42,11 @@ struct action_rx_param {
 
 esp_err_t esp_dpp_post_evt(uint32_t evt_id, uint32_t data)
 {
-    dpp_event_t *evt = os_zalloc(sizeof(dpp_event_t));
+    dpp_event_t evt;
     esp_err_t ret = ESP_OK;
 
-    if (evt == NULL) {
-        ret = ESP_ERR_NO_MEM;
-        goto end;
-    }
-    evt->id = evt_id;
-    evt->data = data;
+    evt.id = evt_id;
+    evt.data = data;
     if (s_dpp_api_lock) {
         DPP_API_LOCK();
     } else {
@@ -69,9 +65,6 @@ esp_err_t esp_dpp_post_evt(uint32_t evt_id, uint32_t data)
 
     return ret;
 end:
-    if (evt) {
-        os_free(evt);
-    }
     wpa_printf(MSG_ERROR, "DPP: Failed to send event %d to DPP task", evt_id);
     return ret;
 }
@@ -518,17 +511,16 @@ static esp_err_t esp_dpp_rx_action(struct action_rx_param *rx_param)
 
 static void esp_dpp_task(void *pvParameters)
 {
-    dpp_event_t *evt;
+    dpp_event_t evt;
     bool task_del = false;
 
     for (;;) {
         if (os_queue_recv(s_dpp_evt_queue, &evt, OS_BLOCK) == TRUE) {
-            if (evt->id >= SIG_DPP_MAX) {
-                os_free(evt);
+            if (evt.id >= SIG_DPP_MAX) {
                 continue;
             }
 
-            switch (evt->id) {
+            switch (evt.id) {
             case SIG_DPP_DEL_TASK:
                 struct dpp_bootstrap_params_t *params = &s_dpp_ctx.bootstrap_params;
                 eloop_cancel_timeout(esp_dpp_auth_conf_wait_timeout, NULL, NULL);
@@ -549,7 +541,7 @@ static void esp_dpp_task(void *pvParameters)
                 break;
 
             case SIG_DPP_BOOTSTRAP_GEN: {
-                char *command = (char *)evt->data;
+                char *command = (char *)evt.data;
                 const char *uri;
 
                 s_dpp_ctx.id = dpp_bootstrap_gen(s_dpp_ctx.dpp_global, command);
@@ -561,7 +553,7 @@ static void esp_dpp_task(void *pvParameters)
             break;
 
             case SIG_DPP_RX_ACTION: {
-                esp_dpp_rx_action((struct action_rx_param *)evt->data);
+                esp_dpp_rx_action((struct action_rx_param *)evt.data);
             }
             break;
 
@@ -588,7 +580,7 @@ static void esp_dpp_task(void *pvParameters)
             break;
 
             case SIG_DPP_START_NET_INTRO: {
-                esp_dpp_start_net_intro_protocol((uint8_t*)evt->data);
+                esp_dpp_start_net_intro_protocol((uint8_t*)evt.data);
             }
             break;
 
@@ -605,8 +597,6 @@ static void esp_dpp_task(void *pvParameters)
                 break;
             }
 
-            os_free(evt);
-
             if (task_del) {
                 break;
             }