mirror of
https://github.com/espressif/esp-idf
synced 2025-03-10 01:29:21 -04:00
fix(esp_wifi): fixed Stack corruption in WPS processing
This commit is contained in:
Kapil Gupta
parent
c3959700b3
commit
a64056fac2
@ -119,7 +119,7 @@ static void wps_rxq_deinit(void)
|
|||||||
#ifdef USE_WPS_TASK
|
#ifdef USE_WPS_TASK
|
||||||
void wps_task(void *pvParameters)
|
void wps_task(void *pvParameters)
|
||||||
{
|
{
|
||||||
ETSEvent *e;
|
ETSEvent e;
|
||||||
wps_ioctl_param_t *param;
|
wps_ioctl_param_t *param;
|
||||||
bool del_task = false;
|
bool del_task = false;
|
||||||
|
|
||||||
@ -129,32 +129,32 @@ void wps_task(void *pvParameters)
|
|||||||
for (;;) {
|
for (;;) {
|
||||||
if (TRUE == os_queue_recv(s_wps_queue, &e, OS_BLOCK)) {
|
if (TRUE == os_queue_recv(s_wps_queue, &e, OS_BLOCK)) {
|
||||||
|
|
||||||
if ((e->sig >= SIG_WPS_ENABLE) && (e->sig < SIG_WPS_NUM)) {
|
if ((e.sig >= SIG_WPS_ENABLE) && (e.sig < SIG_WPS_NUM)) {
|
||||||
DATA_MUTEX_TAKE();
|
DATA_MUTEX_TAKE();
|
||||||
if (s_wps_sig_cnt[e->sig]) {
|
if (s_wps_sig_cnt[e.sig]) {
|
||||||
s_wps_sig_cnt[e->sig]--;
|
s_wps_sig_cnt[e.sig]--;
|
||||||
} else {
|
} else {
|
||||||
wpa_printf(MSG_ERROR, "wpsT: invalid sig cnt, sig=%" PRId32 " cnt=%d", e->sig, s_wps_sig_cnt[e->sig]);
|
wpa_printf(MSG_ERROR, "wpsT: invalid sig cnt, sig=%" PRId32 " cnt=%d", e.sig, s_wps_sig_cnt[e.sig]);
|
||||||
}
|
}
|
||||||
DATA_MUTEX_GIVE();
|
DATA_MUTEX_GIVE();
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "wpsT: rx sig=%" PRId32 "", e->sig);
|
wpa_printf(MSG_DEBUG, "wpsT: rx sig=%" PRId32 "", e.sig);
|
||||||
|
|
||||||
switch (e->sig) {
|
switch (e.sig) {
|
||||||
case SIG_WPS_ENABLE:
|
case SIG_WPS_ENABLE:
|
||||||
case SIG_WPS_DISABLE:
|
case SIG_WPS_DISABLE:
|
||||||
case SIG_WPS_START:
|
case SIG_WPS_START:
|
||||||
param = (wps_ioctl_param_t *)e->par;
|
param = (wps_ioctl_param_t *)e.par;
|
||||||
if (!param) {
|
if (!param) {
|
||||||
wpa_printf(MSG_ERROR, "wpsT: invalid param sig=%" PRId32 "", e->sig);
|
wpa_printf(MSG_ERROR, "wpsT: invalid param sig=%" PRId32 "", e.sig);
|
||||||
os_semphr_give(s_wps_api_sem);
|
os_semphr_give(s_wps_api_sem);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (e->sig == SIG_WPS_ENABLE) {
|
if (e.sig == SIG_WPS_ENABLE) {
|
||||||
param->ret = wifi_wps_enable_internal((esp_wps_config_t *)(param->arg));
|
param->ret = wifi_wps_enable_internal((esp_wps_config_t *)(param->arg));
|
||||||
} else if (e->sig == SIG_WPS_DISABLE) {
|
} else if (e.sig == SIG_WPS_DISABLE) {
|
||||||
DATA_MUTEX_TAKE();
|
DATA_MUTEX_TAKE();
|
||||||
param->ret = wifi_wps_disable_internal();
|
param->ret = wifi_wps_disable_internal();
|
||||||
del_task = true;
|
del_task = true;
|
||||||
@ -198,10 +198,9 @@ void wps_task(void *pvParameters)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
wpa_printf(MSG_ERROR, "wpsT: invalid sig=%" PRId32 "", e->sig);
|
wpa_printf(MSG_ERROR, "wpsT: invalid sig=%" PRId32 "", e.sig);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
os_free(e);
|
|
||||||
|
|
||||||
if (del_task) {
|
if (del_task) {
|
||||||
wpa_printf(MSG_DEBUG, "wpsT: delete task");
|
wpa_printf(MSG_DEBUG, "wpsT: delete task");
|
||||||
@ -218,39 +217,30 @@ void wps_task(void *pvParameters)
|
|||||||
int wps_post(uint32_t sig, uint32_t par)
|
int wps_post(uint32_t sig, uint32_t par)
|
||||||
{
|
{
|
||||||
wpa_printf(MSG_DEBUG, "wps post: sig=%" PRId32 " cnt=%d", sig, s_wps_sig_cnt[sig]);
|
wpa_printf(MSG_DEBUG, "wps post: sig=%" PRId32 " cnt=%d", sig, s_wps_sig_cnt[sig]);
|
||||||
|
ETSEvent evt;
|
||||||
DATA_MUTEX_TAKE();
|
|
||||||
|
|
||||||
if (!s_wps_task_hdl) {
|
if (!s_wps_task_hdl) {
|
||||||
wpa_printf(MSG_DEBUG, "wps post: sig=%" PRId32 " failed as wps task has been deinited", sig);
|
wpa_printf(MSG_DEBUG, "wps post: sig=%" PRId32 " failed as wps task has been deinited", sig);
|
||||||
DATA_MUTEX_GIVE();
|
|
||||||
return ESP_FAIL;
|
return ESP_FAIL;
|
||||||
}
|
}
|
||||||
|
DATA_MUTEX_TAKE();
|
||||||
if (s_wps_sig_cnt[sig]) {
|
if (s_wps_sig_cnt[sig]) {
|
||||||
wpa_printf(MSG_DEBUG, "wps post: sig=%" PRId32 " processing", sig);
|
wpa_printf(MSG_DEBUG, "wps post: sig=%" PRId32 " processing", sig);
|
||||||
DATA_MUTEX_GIVE();
|
DATA_MUTEX_GIVE();
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
} else {
|
}
|
||||||
ETSEvent *evt = (ETSEvent *)os_malloc(sizeof(ETSEvent));
|
|
||||||
|
|
||||||
if (evt == NULL) {
|
s_wps_sig_cnt[sig]++;
|
||||||
wpa_printf(MSG_ERROR, "WPS: E N M");
|
evt.sig = sig;
|
||||||
DATA_MUTEX_GIVE();
|
evt.par = par;
|
||||||
return ESP_FAIL;
|
DATA_MUTEX_GIVE();
|
||||||
}
|
|
||||||
|
|
||||||
s_wps_sig_cnt[sig]++;
|
if (os_queue_send(s_wps_queue, &evt, os_task_ms_to_tick(10)) != TRUE) {
|
||||||
evt->sig = sig;
|
wpa_printf(MSG_ERROR, "WPS: Q S E");
|
||||||
evt->par = par;
|
DATA_MUTEX_TAKE();
|
||||||
|
s_wps_sig_cnt[sig]--;
|
||||||
DATA_MUTEX_GIVE();
|
DATA_MUTEX_GIVE();
|
||||||
|
return ESP_FAIL;
|
||||||
if (os_queue_send(s_wps_queue, &evt, os_task_ms_to_tick(10)) != TRUE) {
|
|
||||||
wpa_printf(MSG_ERROR, "WPS: Q S E");
|
|
||||||
DATA_MUTEX_TAKE();
|
|
||||||
s_wps_sig_cnt[sig]--;
|
|
||||||
DATA_MUTEX_GIVE();
|
|
||||||
return ESP_FAIL;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user