fix(esp_wifi): Fix crash when assoc req comes before confirm is processed

This commit is contained in:
Shreyas Sheth 2024-03-22 13:37:25 +05:30
parent d1baafb8c0
commit a64d8b12c8
7 changed files with 75 additions and 53 deletions

@ -1 +1 @@
Subproject commit 1cc8f30b8f519b7355f6cdd1e456e43b9a231cfb
Subproject commit ea499d5ebba57aa5f6ec614d806e1c660ac9f8f6

View File

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -59,10 +59,7 @@ void *hostap_init(void)
auth_conf = (struct wpa_auth_config *)os_zalloc(sizeof(struct wpa_auth_config));
if (auth_conf == NULL) {
os_free(hapd->conf);
os_free(hapd);
hapd = NULL;
return NULL;
goto fail;
}
hapd->conf->sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_AP);
@ -145,23 +142,14 @@ void *hostap_init(void)
hapd->conf->wpa_key_mgmt = auth_conf->wpa_key_mgmt;
hapd->conf->ssid.wpa_passphrase = (char *)os_zalloc(WIFI_PASSWORD_LEN_MAX);
if (hapd->conf->ssid.wpa_passphrase == NULL) {
os_free(auth_conf);
os_free(hapd->conf);
os_free(hapd);
hapd = NULL;
return NULL;
goto fail;
}
#ifdef CONFIG_SAE
if (authmode == WIFI_AUTH_WPA3_PSK ||
authmode == WIFI_AUTH_WPA2_WPA3_PSK) {
if (wpa3_hostap_auth_init(hapd) != 0) {
os_free(hapd->conf->ssid.wpa_passphrase);
os_free(auth_conf);
os_free(hapd->conf);
os_free(hapd);
hapd = NULL;
return NULL;
goto fail;
}
}
#endif /* CONFIG_SAE */
@ -176,11 +164,26 @@ void *hostap_init(void)
esp_wifi_get_macaddr_internal(WIFI_IF_AP, hapd->own_addr);
hapd->wpa_auth = wpa_init(hapd->own_addr, auth_conf, NULL);
if (hapd->wpa_auth == NULL) {
goto fail;
}
esp_wifi_set_appie_internal(WIFI_APPIE_WPA, hapd->wpa_auth->wpa_ie, (uint16_t)hapd->wpa_auth->wpa_ie_len, 0);
os_free(auth_conf);
global_hapd = hapd;
return (void *)hapd;
fail:
if (hapd->conf->ssid.wpa_passphrase != NULL) {
os_free(hapd->conf->ssid.wpa_passphrase);
}
if (auth_conf != NULL) {
os_free(auth_conf);
}
os_free(hapd->conf);
os_free(hapd);
hapd = NULL;
return NULL;
}
void hostapd_cleanup(struct hostapd_data *hapd)
@ -278,8 +281,8 @@ int esp_wifi_build_rsnxe(struct hostapd_data *hapd, u8 *eid, size_t len)
return pos - eid;
}
u16 esp_send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *addr, u16 status_code, bool omit_rsnxe, int subtype)
u16 esp_send_assoc_resp(struct hostapd_data *hapd, const u8 *addr,
u16 status_code, bool omit_rsnxe, int subtype)
{
#define ASSOC_RESP_LENGTH 20
u8 buf[ASSOC_RESP_LENGTH];

View File

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -15,9 +15,8 @@ extern "C" {
#ifdef CONFIG_ESP_WIFI_SOFTAP_SUPPORT
void *hostap_init(void);
bool hostap_deinit(void *data);
u16 esp_send_assoc_resp(struct hostapd_data *data, struct sta_info *sta,
const u8 *addr, u16 status_code, bool omit_rsnxe,
int subtype);
u16 esp_send_assoc_resp(struct hostapd_data *data, const u8 *addr,
u16 status_code, bool omit_rsnxe, int subtype);
#endif
#ifdef __cplusplus

View File

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -415,10 +415,6 @@ static void wpa3_process_rx_commit(wpa3_hostap_auth_event_t *evt)
}
}
if (!sta->lock) {
sta->lock = os_semphr_create(1, 1);
}
if (sta->lock && os_semphr_take(sta->lock, 0)) {
sta->sae_commit_processing = true;
ret = handle_auth_sae(hapd, sta, frm->msg, frm->len, frm->bssid, frm->auth_transaction, frm->status);

View File

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -295,7 +295,7 @@ static int check_n_add_wps_sta(struct hostapd_data *hapd, struct sta_info *sta_i
if (sta_info->eapol_sm) {
wpa_printf(MSG_DEBUG, "considering station " MACSTR " for WPS", MAC2STR(sta_info->addr));
if (esp_send_assoc_resp(hapd, sta_info, sta_info->addr, WLAN_STATUS_SUCCESS, true, subtype) != WLAN_STATUS_SUCCESS) {
if (esp_send_assoc_resp(hapd, sta_info->addr, WLAN_STATUS_SUCCESS, true, subtype) != WLAN_STATUS_SUCCESS) {
wpa_printf(MSG_ERROR, "failed to send assoc response " MACSTR, MAC2STR(sta_info->addr));
return -1;
}
@ -314,52 +314,75 @@ static bool hostap_sta_join(void **sta, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len,u8
goto fail;
}
if (*sta && !esp_wifi_ap_is_sta_sae_reauth_node(bssid)) {
ap_free_sta(hapd, *sta);
if (*sta) {
struct sta_info *old_sta = *sta;
#ifdef CONFIG_SAE
if (old_sta->lock && os_semphr_take(old_sta->lock, 0) != TRUE) {
wpa_printf(MSG_INFO, "Ignore assoc request as softap is busy with sae calculation for station "MACSTR, MAC2STR(bssid));
if (esp_send_assoc_resp(hapd, bssid, WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY, rsnxe ? false : true, subtype) != WLAN_STATUS_SUCCESS) {
goto fail;
}
return false;
}
if (!esp_wifi_ap_is_sta_sae_reauth_node(bssid)) {
ap_free_sta(hapd, old_sta);
} else if (old_sta && old_sta->lock) {
sta_info = old_sta;
goto process_old_sta;
}
#endif /* CONFIG_SAE */
}
sta_info = ap_sta_add(hapd, bssid);
sta_info = ap_get_sta(hapd, bssid);
if (!sta_info) {
wpa_printf(MSG_ERROR, "failed to add station " MACSTR, MAC2STR(bssid));
goto fail;
sta_info = ap_sta_add(hapd,bssid);
if (!sta_info) {
wpa_printf(MSG_ERROR, "failed to add station " MACSTR, MAC2STR(bssid));
goto fail;
}
}
#ifdef CONFIG_SAE
if (sta_info->lock && os_semphr_take(sta_info->lock, 0) != TRUE) {
wpa_printf(MSG_INFO, "Ignore assoc request as softap is busy with sae calculation for station "MACSTR, MAC2STR(bssid));
if (esp_send_assoc_resp(hapd, sta_info, bssid, WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY, rsnxe ? false : true, subtype) != WLAN_STATUS_SUCCESS) {
if (esp_send_assoc_resp(hapd, bssid, WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY, rsnxe ? false : true, subtype) != WLAN_STATUS_SUCCESS) {
goto fail;
}
return false;
}
#endif /* CONFIG_SAE */
process_old_sta:
#ifdef CONFIG_WPS_REGISTRAR
if (check_n_add_wps_sta(hapd, sta_info, wpa_ie, wpa_ie_len, pmf_enable, subtype) == 0) {
if (sta_info->eapol_sm) {
*sta = sta_info;
#ifdef CONFIG_SAE
if (sta_info->lock) {
os_semphr_give(sta_info->lock);
}
#endif /* CONFIG_SAE */
return true;
goto done;
}
} else {
goto fail;
}
#endif
if (wpa_ap_join(sta_info, bssid, wpa_ie, wpa_ie_len, rsnxe, rsnxe_len, pmf_enable, subtype)) {
*sta = sta_info;
#ifdef CONFIG_SAE
if (sta_info->lock) {
os_semphr_give(sta_info->lock);
}
#endif /* CONFIG_SAE */
return true;
goto done;
} else {
goto fail;
}
done:
*sta = sta_info;
#ifdef CONFIG_SAE
if (sta_info->lock) {
os_semphr_give(sta_info->lock);
}
#endif /* CONFIG_SAE */
return true;
fail:
#ifdef CONFIG_SAE
if (sta_info && sta_info->lock) {
os_semphr_give(sta_info->lock);
}
#endif /* CONFIG_SAE */
esp_wifi_ap_deauth_internal(bssid, WLAN_REASON_PREV_AUTH_NOT_VALID);
return false;
}

View File

@ -175,6 +175,7 @@ struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
#ifdef CONFIG_SAE
sta->sae_commit_processing = false;
sta->remove_pending = false;
sta->lock = os_semphr_create(1, 1);
#endif /* CONFIG_SAE */
return sta;

View File

@ -789,7 +789,7 @@ continue_processing:
* strong random numbers. Reject the first 4-way
* handshake(s) and collect some entropy based on the
* information from it. Once enough entropy is
* available, the next atempt will trigger GMK/Key
* available, the next attempt will trigger GMK/Key
* Counter update and the station will be allowed to
* continue.
*/
@ -2601,7 +2601,7 @@ send_resp:
omit_rsnxe = true;
}
if (esp_send_assoc_resp(hapd, sta, bssid, resp, omit_rsnxe, subtype) != WLAN_STATUS_SUCCESS) {
if (esp_send_assoc_resp(hapd, bssid, resp, omit_rsnxe, subtype) != WLAN_STATUS_SUCCESS) {
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
}