From 9e4b31e0f220bd9ef519daea6cb2313150fcca07 Mon Sep 17 00:00:00 2001
From: Kapil Gupta
Date: Mon, 5 Dec 2022 20:06:24 +0530
Subject: [PATCH 1/3] Correct SSID copy length during WPS scan
---
 components/wpa_supplicant/esp_supplicant/src/esp_wps.c | 2 +-
 components/wpa_supplicant/src/eap_peer/eap_peap.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wps.c b/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
index b2f575daae..ed4c23fa7b 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
@@ -618,7 +618,7 @@ wps_parse_scan_result(struct wps_scan_ie *scan)
 }
 esp_wifi_enable_sta_privacy_internal();
 os_memset(sm->config.ssid, 0, sizeof(sm->config.ssid));
- strncpy((char *)sm->config.ssid, (char *)&scan->ssid[2], (int)scan->ssid[1]);
+ os_memcpy(sm->config.ssid, (char *)&scan->ssid[2], (int)scan->ssid[1]);
 if (scan->bssid && memcmp(sm->config.bssid, scan->bssid, ETH_ALEN) != 0) {
 printf("sm BSSid: "MACSTR " scan BSSID " MACSTR "\n", MAC2STR(sm->config.bssid), MAC2STR(scan->bssid));
 sm->discover_ssid_cnt++;
diff --git a/components/wpa_supplicant/src/eap_peer/eap_peap.c b/components/wpa_supplicant/src/eap_peer/eap_peap.c
index b21ab6bac7..14bdf58423 100644
--- a/components/wpa_supplicant/src/eap_peer/eap_peap.c
+++ b/components/wpa_supplicant/src/eap_peer/eap_peap.c
@@ -1104,7 +1104,7 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
 }
 if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
- char label[24];
+ char label[24] = {0};
 wpa_printf(MSG_DEBUG, "EAP-PEAP: TLS done, proceed to Phase 2");
 os_free(data->key_data);
 /* draft-josefsson-ppext-eap-tls-eap-05.txt
From c34ba085ba4b64e12192b5043041d8b19009b129 Mon Sep 17 00:00:00 2001
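Review bot: The copy length in `os_memcpy(sm->config.ssid, (char *)&scan->ssid[2], (int)scan->ssid[1]);` in wps_parse_scan_result (esp_wps.c) is still the length byte of the scanned SSID element, which comes from a received frame, and nothing visible in the hunk bounds it by the size of the destination. The os_memset just above already uses sizeof(sm->config.ssid), so the same bound is at hand: `size_t ssid_len = scan->ssid[1]; if (ssid_len > sizeof(sm->config.ssid)) ssid_len = sizeof(sm->config.ssid);` before the copy, or drop the scan result instead of truncating. The function body starts and ends outside the hunk, so the length may be validated out of view; if it is, a comment on the copy naming that check would help the next reader.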
From: Kapil Gupta
Date: Mon, 21 Nov 2022 18:34:13 +0530
Subject: [PATCH 2/3] esp_wifi: Flush PMK caching if bss akm has changed
---
 components/wpa_supplicant/src/rsn_supp/wpa.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c
index d987678a17..9a9e0fd3d1 100644
--- a/components/wpa_supplicant/src/rsn_supp/wpa.c
+++ b/components/wpa_supplicant/src/rsn_supp/wpa.c
@@ -2275,8 +2275,15 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
 if (sm->key_mgmt == WPA_KEY_MGMT_SAE || is_wpa2_enterprise_connection()) {
 if (!esp_wifi_skip_supp_pmkcaching() && use_pmk_cache) {
- pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0);
- wpa_sm_set_pmk_from_pmksa(sm);
+ if (pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0) == 0) {
+ struct rsn_pmksa_cache_entry *pmksa = pmksa_cache_get_current(sm);
+ if (pmksa && (pmksa->akmp != sm->key_mgmt)) {
+ pmksa_cache_clear_current(sm);
+ pmksa_cache_flush(sm->pmksa, NULL, pmksa->pmk, pmksa->pmk_len);
+ }
+ } else {
+ wpa_sm_set_pmk_from_pmksa(sm);
+ }
 } else {
 struct rsn_pmksa_cache_entry *entry = NULL;
From c71071b36c0dc557632cf6d1dbf099f70f6454a5 Mon Sep 17 00:00:00 2001
From: Kapil Gupta
Date: Thu, 1 Dec 2022 15:37:43 +0530
Subject: [PATCH 3/3] esp_wifi: Add changes to skip SAE handshake during WPS connection
---
 components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c | 4 ++++
 components/wpa_supplicant/esp_supplicant/src/esp_wps.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
index fa5b27402f..344257e00e 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
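Review bot: In wpa_set_bss (wpa.c), `wpa_sm_set_pmk_from_pmksa(sm);` now sits in the `else` of the `pmksa_cache_set_current(...) == 0` test, so it no longer runs on the branch that goes on to read pmksa_cache_get_current(sm). If a zero return means a cached entry was selected, as that read suggests, an entry whose AKM matches is selected but its PMK is never loaded; moving the call after the `if` block, without the `else`, would keep the previous behaviour for that case. Separately, `pmksa_cache_flush(sm->pmksa, NULL, pmksa->pmk, pmksa->pmk_len);` passes a pointer into the entry being flushed, and if the flush frees that entry and then keeps comparing against the supplied PMK it reads freed memory, so copying the PMK into a local buffer first would be safer. pmksa_cache_flush is not visible here, and the function body extends outside the hunk.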
@@ -147,6 +147,10 @@ static u8 *wpa3_build_sae_msg(u8 *bssid, u32 sae_msg_type, size_t *sae_msg_len)
 switch (sae_msg_type) {
 case SAE_MSG_COMMIT:
+ /* Do not go for SAE when WPS is ongoing */
+ if (esp_wifi_get_wps_status_internal() != WPS_STATUS_DISABLE) {
+ return NULL;
+ }
 if (ESP_OK != wpa3_build_sae_commit(bssid)) return NULL;
 *sae_msg_len = wpabuf_len(g_sae_commit);
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wps.c b/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
index ed4c23fa7b..1f069c8b1a 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
@@ -2145,7 +2145,7 @@ int wifi_wps_enable_internal(const esp_wps_config_t *config)
 ret = wifi_station_wps_init();
 if (ret != 0) {
- wps_set_type(WPS_STATUS_DISABLE);
+ wps_set_type(WPS_TYPE_DISABLE);
 wps_set_status(WPS_STATUS_DISABLE);
 return ESP_FAIL;
 }
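Review bot: The new early `return NULL;` in the SAE_MSG_COMMIT case of wpa3_build_sae_msg (esp_wpa3.c) looks the same to the caller as a failed wpa3_build_sae_commit and leaves no trace of why no commit was built. The guard also makes SAE depend on the WPS status being reset on every WPS exit path, so a stale status would silently block SAE connections. A debug line before the return, for example `wpa_printf(MSG_DEBUG, "wpa3: WPS in progress, not building SAE commit");`, would make that case diagnosable. The function body continues outside the hunk.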