From 5708e53f3e14f5988ad5b0eca60d9fcce1c72db4 Mon Sep 17 00:00:00 2001 From: Shyamal Khachane Date: Thu, 20 Jul 2023 14:23:37 +0530 Subject: [PATCH] fix(wifi): Fix SAE and SAE related NVS issues 1. Discard commit frame received at confirmed state in SAE STA 2. Bugfix NVS get values for sae pwe 3. Bugfix memory leak caused by assoc retry timer and assoc IE --- components/esp_common/src/esp_err_to_name.c | 3 +++ components/esp_wifi/include/esp_wifi.h | 1 + components/esp_wifi/lib | 2 +- .../wpa_supplicant/esp_supplicant/src/esp_common.c | 9 +++++++++ .../wpa_supplicant/esp_supplicant/src/esp_common_i.h | 1 + .../wpa_supplicant/esp_supplicant/src/esp_wpa3.c | 10 ++++++---- .../wpa_supplicant/esp_supplicant/src/esp_wpa_main.c | 1 + 7 files changed, 22 insertions(+), 5 deletions(-) diff --git a/components/esp_common/src/esp_err_to_name.c b/components/esp_common/src/esp_err_to_name.c index 5273027784..3d3ee99a5e 100644 --- a/components/esp_common/src/esp_err_to_name.c +++ b/components/esp_common/src/esp_err_to_name.c @@ -379,6 +379,9 @@ static const esp_err_msg_t esp_err_msg_table[] = { # endif # ifdef ESP_ERR_WIFI_TX_DISALLOW ERR_TBL_IT(ESP_ERR_WIFI_TX_DISALLOW), /* 12310 0x3016 The WiFi TX is disallowed */ +# endif +# ifdef ESP_ERR_WIFI_DISCARD + ERR_TBL_IT(ESP_ERR_WIFI_DISCARD), /* 12311 0x3017 Discard frame */ # endif // components/wpa_supplicant/esp_supplicant/include/esp_wps.h # ifdef ESP_ERR_WIFI_REGISTRAR diff --git a/components/esp_wifi/include/esp_wifi.h b/components/esp_wifi/include/esp_wifi.h index 71654941ca..18aa2715bb 100644 --- a/components/esp_wifi/include/esp_wifi.h +++ b/components/esp_wifi/include/esp_wifi.h @@ -81,6 +81,7 @@ extern "C" { #define ESP_ERR_WIFI_STOP_STATE (ESP_ERR_WIFI_BASE + 20) /*!< Returned when WiFi is stopping */ #define ESP_ERR_WIFI_NOT_ASSOC (ESP_ERR_WIFI_BASE + 21) /*!< The WiFi connection is not associated */ #define ESP_ERR_WIFI_TX_DISALLOW (ESP_ERR_WIFI_BASE + 22) /*!< The WiFi TX is disallowed */ +#define ESP_ERR_WIFI_DISCARD (ESP_ERR_WIFI_BASE + 23) /*!< Discard frame */ /** * @brief WiFi stack configuration parameters passed to esp_wifi_init call. diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib index 1e65557980..c6a1eca8ec 160000 --- a/components/esp_wifi/lib +++ b/components/esp_wifi/lib @@ -1 +1 @@ -Subproject commit 1e65557980e6cd8af46245f18588ef62c8a40c30 +Subproject commit c6a1eca8ec99f0a0f3c9d8017801b5999534651f diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_common.c b/components/wpa_supplicant/esp_supplicant/src/esp_common.c index 2d45114fad..225fb702f0 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_common.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_common.c @@ -185,6 +185,15 @@ static void register_action_frame(struct wpa_supplicant *wpa_s) } #endif /* defined(CONFIG_WPA_11KV_SUPPORT) */ + +void esp_supplicant_unset_all_appie(void) +{ + uint8_t appie; + for (appie = WIFI_APPIE_PROBEREQ; appie < WIFI_APPIE_RAM_MAX; appie++) { + esp_wifi_unset_appie_internal(appie); + } +} + static int ieee80211_handle_rx_frm(u8 type, u8 *frame, size_t len, u8 *sender, u32 rssi, u8 channel, u64 current_tsf) { diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_common_i.h b/components/wpa_supplicant/esp_supplicant/src/esp_common_i.h index 3c63c7cdd6..fa53975c14 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_common_i.h +++ b/components/wpa_supplicant/esp_supplicant/src/esp_common_i.h @@ -50,6 +50,7 @@ static inline void esp_set_scan_ie(void) { } #endif int esp_supplicant_common_init(struct wpa_funcs *wpa_cb); void esp_supplicant_common_deinit(void); +void esp_supplicant_unset_all_appie(void); void esp_set_assoc_ie(uint8_t *bssid, const u8 *ies, size_t ies_len, bool add_mdie); void supplicant_sta_conn_handler(uint8_t* bssid); void supplicant_sta_disconn_handler(void); diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c index 9063ba4740..7c761b7156 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c @@ -176,9 +176,8 @@ static int wpa3_parse_sae_commit(u8 *buf, u32 len, u16 status) int ret; if (g_sae_data.state != SAE_COMMITTED) { - wpa_printf(MSG_ERROR, "wpa3: failed to parse SAE commit in state(%d)!", - g_sae_data.state); - return ESP_FAIL; + wpa_printf(MSG_DEBUG, "wpa3: Discarding commit frame received in state %d", g_sae_data.state); + return ESP_ERR_WIFI_DISCARD; } if (status == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ) { @@ -201,7 +200,10 @@ static int wpa3_parse_sae_commit(u8 *buf, u32 len, u16 status) ret = sae_parse_commit(&g_sae_data, buf, len, NULL, 0, g_allowed_groups, status == WLAN_STATUS_SAE_HASH_TO_ELEMENT); - if (ret) { + if (ret == SAE_SILENTLY_DISCARD) { + wpa_printf(MSG_DEBUG, "wpa3: Discarding commit frame due to reflection attack"); + return ESP_ERR_WIFI_DISCARD; + } else if (ret) { wpa_printf(MSG_ERROR, "wpa3: could not parse commit(%d)", ret); return ret; } diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c index 5051436642..afb1146d73 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c @@ -286,5 +286,6 @@ int esp_supplicant_init(void) int esp_supplicant_deinit(void) { esp_supplicant_common_deinit(); + esp_supplicant_unset_all_appie(); return esp_wifi_unregister_wpa_cb_internal(); }