From fdf79ce300e016819f447ebd9fb5b193475c3d41 Mon Sep 17 00:00:00 2001 From: Jack Date: Fri, 22 Apr 2022 17:06:48 +0800 Subject: [PATCH] ESP_WIFI: Remove static analysis warnings --- .../wpa_supplicant/include/utils/wpabuf.h | 20 +++--- components/wpa_supplicant/src/ap/wpa_auth.c | 2 +- .../wpa_supplicant/src/ap/wpa_auth_ie.c | 2 +- components/wpa_supplicant/src/common/dpp.c | 7 +- components/wpa_supplicant/src/common/sae.c | 1 + .../src/crypto/crypto_mbedtls-bignum.c | 23 +++---- .../src/crypto/crypto_mbedtls-ec.c | 47 +++++-------- .../wpa_supplicant/src/crypto/tls_mbedtls.c | 11 ++-- .../src/esp_supplicant/esp_hostap.c | 34 +++++----- .../src/esp_supplicant/esp_wpa2.c | 66 ++++++++----------- .../src/esp_supplicant/esp_wps.c | 54 +++++++-------- .../wpa_supplicant/src/rsn_supp/pmksa_cache.c | 5 +- components/wpa_supplicant/src/rsn_supp/wpa.c | 4 +- components/wpa_supplicant/src/utils/wpabuf.c | 19 ++++-- .../wpa_supplicant/src/wps/wps_registrar.c | 2 +- components/wpa_supplicant/test/test_sae.c | 20 ++---- 16 files changed, 143 insertions(+), 174 deletions(-) diff --git a/components/wpa_supplicant/include/utils/wpabuf.h b/components/wpa_supplicant/include/utils/wpabuf.h index 2a5fa3f5dc..092b31e08b 100644 --- a/components/wpa_supplicant/include/utils/wpabuf.h +++ b/components/wpa_supplicant/include/utils/wpabuf.h @@ -1,6 +1,6 @@ /* * Dynamic data buffer - * Copyright (c) 2007-2009, Jouni Malinen + * Copyright (c) 2007-2012, Jouni Malinen * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -15,6 +15,9 @@ #ifndef WPABUF_H #define WPABUF_H +/* wpabuf::buf is a pointer to external data */ +#define WPABUF_FLAG_EXT_DATA BIT(0) + /* * Internal data structure for wpabuf. Please do not touch this directly from * elsewhere. This is only defined in header file to allow inline functions @@ -23,8 +26,8 @@ struct wpabuf { size_t size; /* total size of the allocated buffer */ size_t used; /* length of data in the buffer */ - u8 *ext_data; /* pointer to external data; NULL if data follows - * struct wpabuf */ + u8 *buf; /* pointer to the head of the buffer */ + unsigned int flags; /* optionally followed by the allocated buffer */ }; @@ -79,9 +82,7 @@ static inline size_t wpabuf_tailroom(const struct wpabuf *buf) */ static inline const void * wpabuf_head(const struct wpabuf *buf) { - if (buf->ext_data) - return buf->ext_data; - return buf + 1; + return buf->buf; } static inline const u8 * wpabuf_head_u8(const struct wpabuf *buf) @@ -96,9 +97,7 @@ static inline const u8 * wpabuf_head_u8(const struct wpabuf *buf) */ static inline void * wpabuf_mhead(struct wpabuf *buf) { - if (buf->ext_data) - return buf->ext_data; - return buf + 1; + return buf->buf; } static inline u8 * wpabuf_mhead_u8(struct wpabuf *buf) @@ -157,7 +156,8 @@ static inline void wpabuf_put_buf(struct wpabuf *dst, static inline void wpabuf_set(struct wpabuf *buf, const void *data, size_t len) { - buf->ext_data = (u8 *) data; + buf->buf = (u8 *) data; + buf->flags = WPABUF_FLAG_EXT_DATA; buf->size = buf->used = len; } diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c index 8b43098790..b1562eca9e 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth.c +++ b/components/wpa_supplicant/src/ap/wpa_auth.c @@ -1590,7 +1590,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) sm->pending_1_of_4_timeout = 0; eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); - if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { + if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && sm->PMK != pmk) { /* PSK may have changed from the previous choice, so update * state machine data based on whatever PSK was selected here. */ diff --git a/components/wpa_supplicant/src/ap/wpa_auth_ie.c b/components/wpa_supplicant/src/ap/wpa_auth_ie.c index 34f12217db..1dda65c4fc 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth_ie.c +++ b/components/wpa_supplicant/src/ap/wpa_auth_ie.c @@ -353,7 +353,7 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, const u8 *wpa_ie, size_t wpa_ie_len/*, const u8 *mdie, size_t mdie_len*/) { - struct wpa_ie_data data; + struct wpa_ie_data data = {0}; int ciphers, key_mgmt, res, version; u32 selector; diff --git a/components/wpa_supplicant/src/common/dpp.c b/components/wpa_supplicant/src/common/dpp.c index 45080889a1..f71a22f8f0 100644 --- a/components/wpa_supplicant/src/common/dpp.c +++ b/components/wpa_supplicant/src/common/dpp.c @@ -4670,6 +4670,7 @@ static struct crypto_key * dpp_parse_jwk(struct json_token *jwk, struct wpabuf *x = NULL, *y = NULL, *a = NULL; struct crypto_ec_group *group; struct crypto_key *pkey = NULL; + size_t len; token = json_get_member(jwk, "kty"); if (!token || token->type != JSON_STRING) { @@ -4728,9 +4729,10 @@ static struct crypto_key * dpp_parse_jwk(struct json_token *jwk, goto fail; } + len = wpabuf_len(x); a = wpabuf_concat(x, y); pkey = crypto_ec_set_pubkey_point(group, wpabuf_head(a), - wpabuf_len(x)); + len); crypto_ec_deinit((struct crypto_ec *)group); *key_curve = curve; @@ -4969,8 +4971,7 @@ static void dpp_copy_netaccesskey(struct dpp_authentication *auth, unsigned char *der = NULL; int der_len; - crypto_ec_get_priv_key_der(auth->own_protocol_key, &der, &der_len); - if (der_len <= 0) { + if (crypto_ec_get_priv_key_der(auth->own_protocol_key, &der, &der_len) < 0) { return; } wpabuf_free(auth->net_access_key); diff --git a/components/wpa_supplicant/src/common/sae.c b/components/wpa_supplicant/src/common/sae.c index ea1d51e8ed..d21bc9db48 100644 --- a/components/wpa_supplicant/src/common/sae.c +++ b/components/wpa_supplicant/src/common/sae.c @@ -675,6 +675,7 @@ static int sae_derive_commit(struct sae_data *sae) * theoretical infinite loop, break out after 100 * attemps. */ + crypto_bignum_deinit(mask, 1); return ESP_FAIL; } if (mask) { diff --git a/components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c b/components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c index 890655631d..0160695e7a 100644 --- a/components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c +++ b/components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c @@ -1,16 +1,8 @@ -// Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #ifdef ESP_PLATFORM #include "esp_system.h" @@ -65,6 +57,7 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a, u8 *buf, size_t buflen, size_t padlen) { int num_bytes, offset; + int ret; if (padlen > buflen) { return -1; @@ -82,9 +75,11 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a, } os_memset(buf, 0, offset); - mbedtls_mpi_write_binary((mbedtls_mpi *) a, buf + offset, mbedtls_mpi_size((mbedtls_mpi *)a) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary((mbedtls_mpi *) a, buf + offset, mbedtls_mpi_size((mbedtls_mpi *)a))); return num_bytes + offset; +cleanup: + return ret; } diff --git a/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c b/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c index 42290b0384..ec9117ebfd 100644 --- a/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c +++ b/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c @@ -1,16 +1,8 @@ -// Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #ifdef ESP_PLATFORM #include "esp_system.h" @@ -217,6 +209,9 @@ struct crypto_ec_point *crypto_ec_point_from_bin(struct crypto_ec *e, len = mbedtls_mpi_size(&e->group.P); pt = os_zalloc(sizeof(mbedtls_ecp_point)); + if (!pt) { + return NULL; + } mbedtls_ecp_point_init(pt); MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, val, len)); @@ -490,11 +485,15 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro mbedtls_pk_context *key = (mbedtls_pk_context *)crypto_alloc_key(); if (!key) { - wpa_printf(MSG_ERROR, "%s: memory allocation failed\n", __func__); + wpa_printf(MSG_ERROR, "%s: memory allocation failed", __func__); return NULL; } point = (mbedtls_ecp_point *)crypto_ec_point_from_bin((struct crypto_ec *)group, buf); + if (!point) { + wpa_printf(MSG_ERROR, "%s: Point initialization failed", __func__); + goto fail; + } if (crypto_ec_point_is_at_infinity((struct crypto_ec *)group, (struct crypto_ec_point *)point)) { wpa_printf(MSG_ERROR, "Point is at infinity"); goto fail; @@ -509,30 +508,16 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro wpa_printf(MSG_ERROR, "Invalid key"); goto fail; } - mbedtls_ecp_keypair *ecp_key = malloc(sizeof (*ecp_key)); - if (!ecp_key) { - wpa_printf(MSG_ERROR, "key allocation failed"); - goto fail; - } - - /* Init keypair */ - mbedtls_ecp_keypair_init(ecp_key); - // TODO Is it needed? check? - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&ecp_key->Q, point)); /* Assign values */ if( ( ret = mbedtls_pk_setup( key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY) ) ) != 0 ) goto fail; - if (key->pk_ctx) - os_free(key->pk_ctx); - key->pk_ctx = ecp_key; mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->Q, point); mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->grp, MBEDTLS_ECP_DP_SECP256R1); pkey = (struct crypto_key *)key; -cleanup: crypto_ec_point_deinit((struct crypto_ec_point *)point, 0); return pkey; fail: @@ -566,7 +551,7 @@ int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data, char der_data[ECP_PRV_DER_MAX_BYTES]; *key_len = mbedtls_pk_write_key_der(pkey, (unsigned char *)der_data, ECP_PRV_DER_MAX_BYTES); - if (!*key_len) + if (*key_len <= 0) return -1; *key_data = os_malloc(*key_len); @@ -599,12 +584,12 @@ int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len) mbedtls_pk_context *pkey = (mbedtls_pk_context *)key; unsigned char buf[MBEDTLS_MPI_MAX_SIZE + 10]; /* tag, length + MPI */ unsigned char *c = buf + sizeof(buf ); - size_t pk_len = 0; + int pk_len = 0; memset(buf, 0, sizeof(buf) ); pk_len = mbedtls_pk_write_pubkey( &c, buf, pkey); - if (!pk_len) + if (pk_len < 0) return -1; if (len == 0) diff --git a/components/wpa_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/src/crypto/tls_mbedtls.c index f130d49f2d..fc770a00c7 100644 --- a/components/wpa_supplicant/src/crypto/tls_mbedtls.c +++ b/components/wpa_supplicant/src/crypto/tls_mbedtls.c @@ -103,11 +103,9 @@ static int tls_mbedtls_write(void *ctx, const unsigned char *buf, size_t len) struct tls_connection *conn = (struct tls_connection *)ctx; struct tls_data *data = &conn->tls_io_data; - if (data->out_data) { - wpabuf_resize(&data->out_data, len); - } else { - data->out_data = wpabuf_alloc(len); - } + if (wpabuf_resize(&data->out_data, len) < 0) { + return 0; + } wpabuf_put_data(data->out_data, buf, len); @@ -807,9 +805,8 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, int ret; u8 seed[2 * TLS_RANDOM_LEN]; mbedtls_ssl_context *ssl = &conn->tls->ssl; - mbedtls_ssl_transform *transform = ssl->transform; - if (!ssl || !transform) { + if (!ssl || !ssl->transform) { wpa_printf(MSG_ERROR, "TLS: %s, session ingo is null", __func__); return -1; } diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_hostap.c b/components/wpa_supplicant/src/esp_supplicant/esp_hostap.c index 11a0564a6c..5171c035bb 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_hostap.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_hostap.c @@ -102,33 +102,29 @@ bool hostap_deinit(void *data) return true; } - if (hapd->wpa_auth->wpa_ie != NULL) { - os_free(hapd->wpa_auth->wpa_ie); - } - - if (hapd->wpa_auth->group != NULL) { - os_free(hapd->wpa_auth->group); - } - if (hapd->wpa_auth != NULL) { + if (hapd->wpa_auth->wpa_ie != NULL) { + os_free(hapd->wpa_auth->wpa_ie); + } + + if (hapd->wpa_auth->group != NULL) { + os_free(hapd->wpa_auth->group); + } os_free(hapd->wpa_auth); } - if (hapd->conf->ssid.wpa_psk != NULL) { - os_free(hapd->conf->ssid.wpa_psk); - } - - if (hapd->conf->ssid.wpa_passphrase != NULL) { - os_free(hapd->conf->ssid.wpa_passphrase); - } - if (hapd->conf != NULL) { + if (hapd->conf->ssid.wpa_psk != NULL) { + os_free(hapd->conf->ssid.wpa_psk); + } + + if (hapd->conf->ssid.wpa_passphrase != NULL) { + os_free(hapd->conf->ssid.wpa_passphrase); + } os_free(hapd->conf); } - if (hapd != NULL) { - os_free(hapd); - } + os_free(hapd); esp_wifi_unset_appie_internal(WIFI_APPIE_WPA); diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c b/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c index db9b44149e..252f833edc 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c @@ -491,33 +491,24 @@ build_nak: if (resp == NULL) { return ESP_FAIL; } - ret = ESP_FAIL; - send_resp: if (resp == NULL) { wpa_printf(MSG_ERROR, "Response build fail, return."); - wpabuf_free(sm->lastRespData); - sm->lastRespData = resp; - wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL); - return WPA2_ENT_EAP_STATE_FAIL; + return ESP_FAIL; } ret = eap_sm_send_eapol(sm, resp); - if (ret == ESP_OK) { - if (resp != sm->lastRespData) { - wpabuf_free(sm->lastRespData); - sm->lastRespData = resp; - } - } else { + if (resp != sm->lastRespData) { wpabuf_free(sm->lastRespData); - sm->lastRespData = NULL; + } + if (ret != ESP_OK) { wpabuf_free(resp); resp = NULL; - if (ret == WPA_ERR_INVALID_BSSID) { ret = WPA2_ENT_EAP_STATE_FAIL; wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL); } } + sm->lastRespData = resp; out: return ret; } @@ -757,14 +748,16 @@ static int eap_peer_sm_init(void) sm = (struct eap_sm *)os_zalloc(sizeof(*sm)); if (sm == NULL) { - return ESP_ERR_NO_MEM; + ret = ESP_ERR_NO_MEM; + return ret; } + gEapSm = sm; s_wpa2_data_lock = xSemaphoreCreateRecursiveMutex(); if (!s_wpa2_data_lock) { - free(sm); wpa_printf(MSG_ERROR, "wpa2 eap_peer_sm_init: failed to alloc data lock"); - return ESP_ERR_NO_MEM; + ret = ESP_ERR_NO_MEM; + goto _err; } wpa2_set_eap_state(WPA2_ENT_EAP_STATE_NOT_START); @@ -773,36 +766,30 @@ static int eap_peer_sm_init(void) ret = eap_peer_blob_init(sm); if (ret) { wpa_printf(MSG_ERROR, "eap_peer_blob_init failed\n"); - os_free(sm); - vSemaphoreDelete(s_wpa2_data_lock); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } ret = eap_peer_config_init(sm, g_wpa_private_key_passwd, g_wpa_private_key_passwd_len); if (ret) { wpa_printf(MSG_ERROR, "eap_peer_config_init failed\n"); - eap_peer_blob_deinit(sm); - os_free(sm); - vSemaphoreDelete(s_wpa2_data_lock); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } sm->ssl_ctx = tls_init(); if (sm->ssl_ctx == NULL) { wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS " "context."); - eap_peer_blob_deinit(sm); - eap_peer_config_deinit(sm); - os_free(sm); - vSemaphoreDelete(s_wpa2_data_lock); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } wpa2_rxq_init(); gEapSm = sm; #ifdef USE_WPA2_TASK - s_wpa2_queue = xQueueCreate(SIG_WPA2_MAX, sizeof( void * ) ); + s_wpa2_queue = xQueueCreate(SIG_WPA2_MAX, sizeof( s_wpa2_queue ) ); ret = xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, &s_wpa2_task_hdl); if (ret != pdPASS) { wpa_printf(MSG_ERROR, "wps enable: failed to create task"); @@ -811,20 +798,19 @@ static int eap_peer_sm_init(void) } s_wifi_wpa2_sync_sem = xSemaphoreCreateCounting(1, 0); if (!s_wifi_wpa2_sync_sem) { - vQueueDelete(s_wpa2_queue); - s_wpa2_queue = NULL; - eap_peer_blob_deinit(sm); - eap_peer_config_deinit(sm); - os_free(sm); - vSemaphoreDelete(s_wpa2_data_lock); wpa_printf(MSG_ERROR, "WPA2: failed create wifi wpa2 task sync sem"); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } wpa_printf(MSG_INFO, "wpa2_task prio:%d, stack:%d\n", 2, WPA2_TASK_STACK_SIZE); #endif return ESP_OK; + +_err: + eap_peer_sm_deinit(); + return ret; } /** @@ -857,8 +843,8 @@ static void eap_peer_sm_deinit(void) if (s_wifi_wpa2_sync_sem) { vSemaphoreDelete(s_wifi_wpa2_sync_sem); + s_wifi_wpa2_sync_sem = NULL; } - s_wifi_wpa2_sync_sem = NULL; if (s_wpa2_data_lock) { vSemaphoreDelete(s_wpa2_data_lock); @@ -866,6 +852,10 @@ static void eap_peer_sm_deinit(void) wpa_printf(MSG_DEBUG, "wpa2 eap_peer_sm_deinit: free data lock"); } + if (s_wpa2_queue) { + vQueueDelete(s_wpa2_queue); + s_wpa2_queue = NULL; + } os_free(sm); gEapSm = NULL; } diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c index 9a2ec5aad6..d9d9586192 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c @@ -517,15 +517,16 @@ wps_build_ic_appie_wps_pr(void) 0, NULL); } - if (wps_ie) { - if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) { - wpabuf_put_buf(extra_ie, wps_ie); - } else { - wpabuf_free(wps_ie); - return; - } - wpabuf_free(wps_ie); + if (!wps_ie) { + return; } + if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) { + wpabuf_put_buf(extra_ie, wps_ie); + } else { + wpabuf_free(wps_ie); + return; + } + wpabuf_free(wps_ie); esp_wifi_set_appie_internal(WIFI_APPIE_WPS_PR, (uint8_t *)wpabuf_head(extra_ie), extra_ie->used, 0); wpabuf_free(extra_ie); @@ -647,7 +648,8 @@ int wps_send_eap_identity_rsp(u8 id) ret = esp_wifi_get_assoc_bssid_internal(bssid); if (ret != 0) { wpa_printf(MSG_ERROR, "bssid is empty!"); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } wpabuf_put_data(eap_buf, sm->identity, sm->identity_len); @@ -982,13 +984,6 @@ int wps_finish(void) } if (sm->wps->state == WPS_FINISHED) { - wifi_config_t *config = (wifi_config_t *)os_zalloc(sizeof(wifi_config_t)); - - if (config == NULL) { - wifi_event_sta_wps_fail_reason_t reason_code = WPS_FAIL_REASON_NORMAL; - esp_event_send_internal(WIFI_EVENT, WIFI_EVENT_STA_WPS_ER_FAILED, &reason_code, sizeof(reason_code), portMAX_DELAY); - return ESP_FAIL; - } wpa_printf(MSG_DEBUG, "wps finished------>"); wps_set_status(WPS_STATUS_SUCCESS); @@ -997,6 +992,14 @@ int wps_finish(void) ets_timer_disarm(&sm->wps_msg_timeout_timer); if (sm->ap_cred_cnt == 1) { + wifi_config_t *config = (wifi_config_t *)os_zalloc(sizeof(wifi_config_t)); + + if (config == NULL) { + wifi_event_sta_wps_fail_reason_t reason_code = WPS_FAIL_REASON_NORMAL; + esp_event_send_internal(WIFI_EVENT, WIFI_EVENT_STA_WPS_ER_FAILED, &reason_code, sizeof(reason_code), portMAX_DELAY); + return ESP_FAIL; + } + os_memset(config, 0x00, sizeof(wifi_sta_config_t)); os_memcpy(config->sta.ssid, sm->ssid[0], sm->ssid_len[0]); os_memcpy(config->sta.password, sm->key[0], sm->key_len[0]); @@ -1406,6 +1409,9 @@ int wps_dev_init(void) return ESP_OK; _out: + if (!dev) { + return ret; + } if (dev->manufacturer) { os_free(dev->manufacturer); } @@ -1594,7 +1600,7 @@ wifi_station_wps_init(void) gWpsSm = (struct wps_sm *)os_zalloc(sizeof(struct wps_sm)); /* alloc Wps_sm */ if (!gWpsSm) { - goto _err; + goto _out; } sm = gWpsSm; @@ -1680,10 +1686,8 @@ _err: wps_deinit(); sm->wps = NULL; } - if (sm) { - os_free(gWpsSm); - gWpsSm = NULL; - } + os_free(gWpsSm); + gWpsSm = NULL; return ESP_FAIL; _out: return ESP_FAIL; @@ -1736,10 +1740,8 @@ wifi_station_wps_deinit(void) wps_deinit(); sm->wps = NULL; } - if (sm) { - os_free(gWpsSm); - gWpsSm = NULL; - } + os_free(gWpsSm); + gWpsSm = NULL; return ESP_OK; } @@ -1977,7 +1979,7 @@ int wps_task_init(void) } os_bzero(s_wps_sig_cnt, SIG_WPS_NUM); - s_wps_queue = xQueueCreate(SIG_WPS_NUM, sizeof( void * ) ); + s_wps_queue = xQueueCreate(SIG_WPS_NUM, sizeof(s_wps_queue) ); if (!s_wps_queue) { wpa_printf(MSG_ERROR, "wps task init: failed to alloc queue"); goto _wps_no_mem; diff --git a/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c b/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c index 341905f7ab..1a4585b6b6 100644 --- a/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c +++ b/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c @@ -513,7 +513,10 @@ pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry, .dispatch_method = ESP_TIMER_TASK, .name = "pmksa_timeout_timer" }; - esp_timer_create(&pmksa_cache_timeout_timer_create, &(pmksa->cache_timeout_timer)); + if (esp_timer_create(&pmksa_cache_timeout_timer_create, &(pmksa->cache_timeout_timer)) != ESP_OK) { + os_free(pmksa); + pmksa = NULL; + } } return pmksa; diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index ceae0cc86f..f2de646141 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -2197,7 +2197,9 @@ wpa_set_passphrase(char * passphrase, u8 *ssid, size_t ssid_len) if (esp_wifi_sta_get_reset_param_internal() != 0) { // check it's psk if (strlen((char *)esp_wifi_sta_get_prof_password_internal()) == 64) { - hexstr2bin((char *)esp_wifi_sta_get_prof_password_internal(), esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN); + if (hexstr2bin((char *)esp_wifi_sta_get_prof_password_internal(), esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN) != 0) { + return; + } } else { pbkdf2_sha1((char *)esp_wifi_sta_get_prof_password_internal(), (char *)sta_ssid->ssid, (size_t)sta_ssid->len, 4096, esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN); diff --git a/components/wpa_supplicant/src/utils/wpabuf.c b/components/wpa_supplicant/src/utils/wpabuf.c index a4de3a5049..17ebdafc5f 100644 --- a/components/wpa_supplicant/src/utils/wpabuf.c +++ b/components/wpa_supplicant/src/utils/wpabuf.c @@ -1,6 +1,6 @@ /* * Dynamic data buffer - * Copyright (c) 2007-2009, Jouni Malinen + * Copyright (c) 2007-2012, Jouni Malinen * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -72,12 +72,12 @@ int wpabuf_resize(struct wpabuf **_buf, size_t add_len) if (buf->used + add_len > buf->size) { unsigned char *nbuf; - if (buf->ext_data) { - nbuf = (unsigned char*)os_realloc(buf->ext_data, buf->used + add_len); + if (buf->flags & WPABUF_FLAG_EXT_DATA) { + nbuf = os_realloc(buf->buf, buf->used + add_len); if (nbuf == NULL) return -1; memset(nbuf + buf->used, 0, add_len); - buf->ext_data = nbuf; + buf->buf = nbuf; } else { #ifdef WPA_TRACE nbuf = os_realloc(trace, sizeof(struct wpabuf_trace) + @@ -99,6 +99,7 @@ int wpabuf_resize(struct wpabuf **_buf, size_t add_len) memset(nbuf + sizeof(struct wpabuf) + buf->used, 0, add_len); #endif /* WPA_TRACE */ + buf->buf = (u8 *) (buf + 1); *_buf = buf; } buf->size = buf->used + add_len; @@ -130,6 +131,7 @@ struct wpabuf * wpabuf_alloc(size_t len) #endif /* WPA_TRACE */ buf->size = len; + buf->buf = (u8 *) (buf + 1); return buf; } @@ -151,7 +153,8 @@ struct wpabuf * wpabuf_alloc_ext_data(u8 *data, size_t len) buf->size = len; buf->used = len; - buf->ext_data = data; + buf->buf = data; + buf->flags |= WPABUF_FLAG_EXT_DATA; return buf; } @@ -191,12 +194,14 @@ void wpabuf_free(struct wpabuf *buf) trace->magic); abort(); } - os_free(buf->ext_data); + if (buf->flags & WPABUF_FLAG_EXT_DATA) + os_free(buf->buf); os_free(trace); #else /* WPA_TRACE */ if (buf == NULL) return; - os_free(buf->ext_data); + if (buf->flags & WPABUF_FLAG_EXT_DATA) + os_free(buf->buf); os_free(buf); #endif /* WPA_TRACE */ } diff --git a/components/wpa_supplicant/src/wps/wps_registrar.c b/components/wpa_supplicant/src/wps/wps_registrar.c index 3d22a5eb5c..677a6510a5 100644 --- a/components/wpa_supplicant/src/wps/wps_registrar.c +++ b/components/wpa_supplicant/src/wps/wps_registrar.c @@ -1652,7 +1652,7 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg) os_memcpy(wps->cred.key, wps->new_psk, wps->new_psk_len); // NOLINT(clang-analyzer-unix.Malloc) wps->cred.key_len = wps->new_psk_len; } else if (wps->use_psk_key && wps->wps->psk_set) { - char hex[65]; + char hex[65] = {0}; wpa_printf(MSG_DEBUG, "WPS: Use PSK format for Network Key"); os_memcpy(wps->cred.key, hex, 32 * 2); wps->cred.key_len = 32 * 2; diff --git a/components/wpa_supplicant/test/test_sae.c b/components/wpa_supplicant/test/test_sae.c index 52ac9d9320..3f4aff6628 100644 --- a/components/wpa_supplicant/test/test_sae.c +++ b/components/wpa_supplicant/test/test_sae.c @@ -1,16 +1,8 @@ -// Copyright 2015-2018 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #ifdef CONFIG_WPA3_SAE @@ -34,6 +26,7 @@ static struct wpabuf *wpabuf_alloc2(size_t len) if (buf == NULL) return NULL; buf->size = len; + buf->buf = (u8 *)(buf+1); return buf; } @@ -45,7 +38,6 @@ void wpabuf_free2(struct wpabuf *buf) { if (buf == NULL) return; - os_free(buf->ext_data); os_free(buf); }