From 7d7481845fa0f3cbe15b8059f94e79302234bb6c Mon Sep 17 00:00:00 2001
From: jgujarathi <jash.gujarathi@espressif.com>
Date: Mon, 21 Nov 2022 17:26:35 +0530
Subject: [PATCH] wpa_supplicant : Fixed a memory leak issue created when
 parsing scan results

---
 components/wpa_supplicant/src/esp_supplicant/esp_wps.c | 10 ++++++++++
 components/wpa_supplicant/src/utils/common.h           |  4 +++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c
index e6f5249e3d..22c8f3627d 100644
--- a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c
+++ b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c
@@ -597,6 +597,7 @@ wps_parse_scan_result(struct wps_scan_ie *scan)
             for (count = 0; count < WPS_MAX_DIS_AP_NUM; count++) {
                 if (os_memcmp(sm->dis_ap_list[count].bssid, scan->bssid, ETH_ALEN) == 0) {
                     wpa_printf(MSG_INFO, "discard ap bssid "MACSTR, MAC2STR(scan->bssid));
+                    wpabuf_free(buf);
                     return false;
                 }
             }
@@ -605,6 +606,9 @@ wps_parse_scan_result(struct wps_scan_ie *scan)
 
         if (ap_found || sm->wps_pin_war) {
             wpabuf_free(buf);
+            if (scan->ssid[1] > SSID_MAX_LEN) {
+                return false;
+            } 
             esp_wifi_enable_sta_privacy_internal();
             os_memset(sm->config.ssid, 0, sizeof(sm->config.ssid));
             strncpy((char *)sm->config.ssid, (char *)&scan->ssid[2], (int)scan->ssid[1]);
@@ -1677,6 +1681,9 @@ _err:
         sm->dev = NULL;
     }
     if (sm->wps_ctx) {
+        if (sm->wps_ctx->dh_privkey) {
+            wpabuf_free(sm->wps_ctx->dh_privkey);
+        }
         os_free(sm->wps_ctx);
         sm->wps_ctx = NULL;
     }
@@ -1733,6 +1740,9 @@ wifi_station_wps_deinit(void)
         sm->dev = NULL;
     }
     if (sm->wps_ctx) {
+        if (sm->wps_ctx->dh_privkey) {
+            wpabuf_free(sm->wps_ctx->dh_privkey);
+        }
         os_free(sm->wps_ctx);
         sm->wps_ctx = NULL;
     }
diff --git a/components/wpa_supplicant/src/utils/common.h b/components/wpa_supplicant/src/utils/common.h
index 57f3d3c297..eef75ae454 100644
--- a/components/wpa_supplicant/src/utils/common.h
+++ b/components/wpa_supplicant/src/utils/common.h
@@ -14,6 +14,9 @@
 #include "os.h"
 #include "esp_bit_defs.h"
 
+
+#define SSID_MAX_LEN 32
+
 /* Define platform specific variable type macros */
 #if defined(ESP_PLATFORM)
 #include <stdint.h>
@@ -67,7 +70,6 @@ static inline unsigned int wpa_swap_32(unsigned int v)
 
 #endif /* __CYGWIN__ || CONFIG_NATIVE_WINDOWS */
 
-
 #ifndef WPA_BYTE_SWAP_DEFINED
 
 #ifndef __BYTE_ORDER