Merge branch 'bugfix/analyzer_issues_supplicant_v5.1' into 'release/v5.1'

fix(esp_wifi): fix some analyzer issues (v5.1)

See merge request espressif/esp-idf!36833

components/wpa_supplicant/esp_supplicant/src/esp_common.c

@@ -782,15 +782,16 @@ int wpa_drv_send_action(struct wpa_supplicant *wpa_s,
 			const u8 *data, size_t data_len,
 			int no_cck)
 {
-	int ret = 0;
-	wifi_mgmt_frm_req_t *req = os_zalloc(sizeof(*req) + data_len);;
-	if (!req)
-		return -1;
+	int ret = -1;
+	wifi_mgmt_frm_req_t *req;
 
 	if (!wpa_s->current_bss) {
-		wpa_printf(MSG_ERROR, "STA not associated, return");
-		ret = -1;
-		goto cleanup;
+		return ret;
+	}
+
+	req = os_zalloc(sizeof(*req) + data_len);
+	if (!req) {
+		return ret;
 	}
 
 	req->ifx = WIFI_IF_STA;
@@ -798,14 +799,14 @@ int wpa_drv_send_action(struct wpa_supplicant *wpa_s,
 	req->data_len = data_len;
 	os_memcpy(req->data, data, req->data_len);
 
-	if (esp_wifi_send_mgmt_frm_internal(req) != 0) {
-		wpa_printf(MSG_ERROR, "action frame sending failed");
-		ret = -1;
-		goto cleanup;
-	}
-	wpa_printf(MSG_INFO, "action frame sent");
+	ret = esp_wifi_send_mgmt_frm_internal(req);
+
+	if (ret != 0) {
+		wpa_printf(MSG_ERROR, "action frame sending failed");
+	} else {
+		wpa_printf(MSG_INFO, "action frame sent");
+	}
 
-cleanup:
 	os_free(req);
 	return ret;
 }

components/wpa_supplicant/esp_supplicant/src/esp_hostap.c

@@ -308,8 +308,7 @@ u16 esp_send_assoc_resp(struct hostapd_data *hapd, const u8 *addr,
     reply = os_zalloc(sizeof(wifi_mgmt_frm_req_t) + sizeof(uint16_t));
     if (!reply) {
         wpa_printf(MSG_ERROR, "failed to allocate memory for assoc response");
-        res = WLAN_STATUS_UNSPECIFIED_FAILURE;
-        goto done;
+        return WLAN_STATUS_UNSPECIFIED_FAILURE;
     }
     reply->ifx = WIFI_IF_AP;
     reply->subtype = subtype;
@@ -322,7 +321,6 @@ u16 esp_send_assoc_resp(struct hostapd_data *hapd, const u8 *addr,
         wpa_printf(MSG_INFO, "esp_send_assoc_resp_failed: send failed");
     }
 #undef ASSOC_RESP_LENGTH
-done:
     os_free(reply);
     return res;
 }

components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -667,32 +667,39 @@ int esp_send_sae_auth_reply(struct hostapd_data *hapd,
                             u16 auth_alg, u16 auth_transaction, u16 resp,
                             const u8 *ies, size_t ies_len)
 {
-    int reply_res = ESP_FAIL;
-    ies_len += 3 * sizeof(uint16_t);
+    int status = ESP_FAIL;
+    /* Calculate total frame data length (auth_alg + transaction + resp + IEs) */
+    size_t data_len = ies_len + 3 * sizeof(uint16_t);
 
-    wifi_mgmt_frm_req_t *req = os_zalloc(sizeof(*req) + ies_len);
+    wifi_mgmt_frm_req_t *req = os_zalloc(sizeof(*req) + data_len);
     if (!req) {
-        wpa_printf(MSG_ERROR, "failed to send sae auth reply");
-        return reply_res;
+        wpa_printf(MSG_ERROR, "Failed to allocate SAE authentication reply");
+        return status;
+    }
+
+    /* Populate the frame data */
+    ((uint16_t *)req->data)[0] = htole16(auth_alg); /* Authentication algorithm */
+    ((uint16_t *)req->data)[1] = htole16(auth_transaction); /* Transaction number */
+    ((uint16_t *)req->data)[2] = htole16(resp); /* Response code */
+
+    if (ies && ies_len) {
+        os_memcpy(&((uint16_t *)req->data)[3], ies, ies_len);
     }
-    ((uint16_t *)req->data)[0] = htole16(auth_alg);
-    ((uint16_t *)req->data)[1] = htole16(auth_transaction);
-    ((uint16_t *)req->data)[2] = htole16(resp);
-    os_memcpy(&((uint16_t *)req->data)[3], ies, ies_len - 3 * sizeof(uint16_t));
 
     req->ifx = WIFI_IF_AP;
     req->subtype = (WLAN_FC_STYPE_AUTH << 4);
-    req->data_len = ies_len;
+    req->data_len = data_len;
     os_memcpy(req->da, bssid, ETH_ALEN);
 
     if (esp_wifi_send_mgmt_frm_internal(req) != 0) {
-        wpa_printf(MSG_INFO, "%s: send failed", __func__);
+        wpa_printf(MSG_INFO, "%s: SAE authentication reply send failed", __func__);
     } else {
-        reply_res = ESP_OK;
+        status = ESP_OK;
     }
 
     os_free(req);
-    return reply_res;
+
+    return status;
 }
 
 void esp_wifi_register_wpa3_ap_cb(struct wpa_funcs *wpa_cb)

components/wpa_supplicant/src/rsn_supp/wpa.c

@@ -188,21 +188,9 @@ static bool is_wpa2_enterprise_connection(void)
 }
 #endif
 
-/**
- * get_bssid - Get the current BSSID
- * @priv: private driver interface data
- * @bssid: buffer for BSSID (ETH_ALEN = 6 bytes)
- *
- * Returns: 0 on success, -1 on failure
- *
- * Query kernel driver for the current BSSID and copy it to bssid.
- * Setting bssid to 00:00:00:00:00:00 is recommended if the STA is not
- * associated.
- */
-static inline int   wpa_sm_get_bssid(struct wpa_sm *sm, u8 *bssid)
+const u8 * wpa_sm_get_auth_addr(struct wpa_sm *sm)
 {
-    memcpy(bssid, sm->bssid, ETH_ALEN);
-    return 0;
+    return sm->bssid;
 }
 
  /*
@@ -232,11 +220,13 @@ static inline int wpa_sm_ether_send(struct wpa_sm *sm, const u8 *dest, u16 proto
  * @msg_len: Length of message
  * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
  */
-void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
+int  wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
                         int ver, const u8 *dest, u16 proto,
                         u8 *msg, size_t msg_len, u8 *key_mic)
 {
+    int ret = -1;
     if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
+#ifndef ESP_SUPPLICANT
         /*
          * Association event was not yet received; try to fetch
          * BSSID from the driver.
@@ -250,6 +240,9 @@ void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
                    ") as the destination for EAPOL-Key",
                    MAC2STR(dest));
         }
+#else
+        return ret;
+#endif
     }
     if (key_mic &&
         wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len,
@@ -262,9 +255,9 @@ void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
     wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len);
     wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, wpa_mic_len(sm->key_mgmt, sm->pmk_len));
     wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
-    wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
+    return wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
 out:
-    return;
+    return ret;
 }
 
 /**
@@ -283,7 +276,7 @@ static void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
     struct wpa_eapol_key *reply;
     struct wpa_eapol_key_192 *reply192;
     int key_info, ver;
-    u8 bssid[ETH_ALEN], *rbuf, *key_mic;
+    u8 *rbuf, *key_mic;
 
     if (sm->key_mgmt == WPA_KEY_MGMT_OSEN || wpa_key_mgmt_suite_b(sm->key_mgmt))
         ver = WPA_KEY_INFO_TYPE_AKM_DEFINED;
@@ -296,12 +289,6 @@ static void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
     else
         ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
 
-    if (wpa_sm_get_bssid(sm, bssid) < 0) {
-        wpa_printf(MSG_DEBUG, "Failed to read BSSID for EAPOL-Key "
-               "request");
-        return;
-    }
-
     mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
     hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
     rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
@@ -343,7 +330,7 @@ static void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
     wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key Request (error=%d "
            "pairwise=%d ptk_set=%d len=%lu)",
            error, pairwise, sm->ptk_set, (unsigned long) rlen);
-    wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid,
+    wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, wpa_sm_get_auth_addr(sm),
                        ETH_P_EAPOL, rbuf, rlen, key_mic);
     wpa_sm_free_eapol(rbuf);
 }