Merge branch 'bugfix/supplicant_analyzer_fixes_v5.4' into 'release/v5.4'

Bugfix/supplicant analyzer fixes (v5.4)

See merge request espressif/esp-idf!39455
Jiang Jiang Jian
2025-05-28 14:29:59 +08:00
16 changed files with 224 additions and 46 deletions


@ -93,7 +93,7 @@ menu "Roaming Methods"
config ESP_WIFI_NETWORK_ASSISTED_ROAMING_IP_RENEW_SKIP
bool "Skip IP renew during BTM based roaming"
depends on ESP_WIFI_ROAMING_NETWORK_ASSISTED_ROAM
default y
default n
help
Station will not ask for IP renew after a BTM based roaming. Before enabling please
make sure your network supports this.


@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -51,15 +51,20 @@ cleanup:
struct crypto_bignum * crypto_bignum_init_uint(unsigned int val)
{
int ret;
mbedtls_mpi *bn = os_zalloc(sizeof(mbedtls_mpi));
if (bn == NULL) {
if (!bn) {
return NULL;
}
mbedtls_mpi_init(bn);
mbedtls_mpi_lset(bn, val);
ret = mbedtls_mpi_lset(bn, val);
if (ret) {
crypto_bignum_deinit((struct crypto_bignum *)bn, 0);
bn = NULL;
}
return (struct crypto_bignum *)bn;
}
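Review bot: `mbedtls_mpi_lset` takes a signed `mbedtls_mpi_sint`, so the `unsigned int val` passed on L43 is converted and, if `mbedtls_mpi_sint` is 32-bit on this target, any value with the top bit set becomes negative; the call still succeeds, so the new return check cannot catch it and the bignum silently gets the wrong sign and magnitude. Either reject such inputs up front, e.g. `if (val > (unsigned int) INT32_MAX) { return NULL; }` with a comment explaining the signed intermediate, or build the value from its big-endian bytes with `mbedtls_mpi_read_binary`, which has no sign ambiguity. At minimum a comment on the call, `/* val must fit in mbedtls_mpi_sint; larger values would flip sign */`, documents the constraint for callers.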


@ -1134,6 +1134,7 @@ struct wpabuf * crypto_ecdh_get_pubkey(struct crypto_ecdh *ecdh, int y)
{
struct wpabuf *public_key = NULL;
uint8_t *buf = NULL;
int ret;
mbedtls_ecdh_context *ctx = (mbedtls_ecdh_context *)ecdh;
size_t prime_len = ACCESS_ECDH(ctx, grp).pbits / 8;
@ -1144,8 +1145,13 @@ struct wpabuf * crypto_ecdh_get_pubkey(struct crypto_ecdh *ecdh, int y)
}
/* Export an MPI into unsigned big endian binary data of fixed size */
mbedtls_mpi_write_binary(ACCESS_ECDH(&ctx, Q).MBEDTLS_PRIVATE(X), buf, prime_len);
ret = mbedtls_mpi_write_binary(ACCESS_ECDH(&ctx, Q).MBEDTLS_PRIVATE(X), buf, prime_len);
if (ret) {
goto cleanup;
}
public_key = wpabuf_alloc_copy(buf, 32);
cleanup:
os_free(buf);
return public_key;
}
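Review bot: `wpabuf_alloc_copy(buf, 32)` on L68 hard-codes the coordinate length although `buf` holds `prime_len` bytes (L59), so the returned public key is truncated for groups wider than 256 bits and over-read for narrower ones; the copy should use the same size as the export, `public_key = wpabuf_alloc_copy(buf, prime_len);`. `pbits / 8` also rounds down for primes whose bit length is not a multiple of 8 (P-521), so `(pbits + 7) / 8` is the safe buffer size if such groups are reachable here. The `y` parameter is not used in the visible lines; the part of the function between the two hunks is outside this view, so that may be handled there.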


@ -109,7 +109,7 @@ static inline void md_pad(uint8_t *block, size_t blocksz, size_t used, size_t ms
const uint8_t *key, size_t nkey) \
{ \
/* Prepare key: */ \
uint8_t k[_blocksz]; \
uint8_t k[_blocksz] = {0}; \
\
/* Shorten long keys. */ \
if (nkey > _blocksz) \
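Review bot: Zero-initialising `k` on L81 removes the uninitialised-padding read, but `k` is the HMAC key itself (L79), held as plain stack data, and the visible lines never clear it. The rest of the macro is outside this hunk; if it does not already wipe `k` before returning, a clear that the compiler cannot treat as a dead store (the tree's secure-memzero helper, if it has one) at the end of the generated function would keep the key from lingering on the stack after the call. A short comment on L81, `/* zero-padded: a key shorter than the block is padded with zeros per RFC 2104 */`, would also say why the initializer matters.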


@ -641,11 +641,11 @@ int wps_process_wps_mX_req(u8 *ubuf, int len, enum wps_process_res *res)
tlen = frag_len;
}
if (tlen > 50000) {
wpa_printf(MSG_ERROR, "EAP-WSC: Invalid Message Length");
return ESP_FAIL;
}
if ((flag & WPS_MSG_FLAG_MORE) || wps_buf != NULL) {//frag msg
if (tlen > 50000) {
wpa_printf(MSG_ERROR, "EAP-WSC: Invalid Message Length");
return ESP_FAIL;
}
wpa_printf(MSG_DEBUG, "rx frag msg id:%d, flag:%d, frag_len: %d, tot_len: %d, be_tot_len:%d", sm->current_identifier, flag, frag_len, tlen, be_tot_len);
if (ESP_OK != wps_enrollee_process_msg_frag(&wps_buf, tlen, tbuf, frag_len, flag)) {
if (wps_buf) {
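Review bot: The `50000` bound on L91 is now the single length check for every EAP-WSC message path, but it is still a bare magic number with no statement of what it bounds. Naming it near the top of the file, e.g. `enum { WPS_MAX_MSG_LEN = 50000 }; /* upper bound on a reassembled EAP-WSC message */` (constructed name), and writing `if (tlen > WPS_MAX_MSG_LEN)` documents the limit and keeps it in one place should the fragment path ever need the same constant. The enclosing function continues outside the hunk.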


@ -6,7 +6,7 @@
* See README for more details.
*/
/*
* SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -18,6 +18,9 @@
#include "eloop.h"
#include "esp_wifi_driver.h"
#include "rom/ets_sys.h"
#include <stdatomic.h>
bool current_task_is_wifi_task(void);
struct eloop_timeout {
struct dl_list list;
@ -29,12 +32,17 @@ struct eloop_timeout {
char func_name[100];
int line;
#endif
void *sync_semph;
int ret;
eloop_blocking_timeout_handler blocking_handler;
};
struct eloop_data {
struct dl_list timeout;
ETSTimer eloop_timer;
bool eloop_started;
atomic_bool eloop_started;
atomic_bool timeout_running;
void *eloop_semph;
};
#define ELOOP_LOCK() os_mutex_lock(eloop_data_lock)
@ -74,7 +82,8 @@ int eloop_init(void)
wpa_printf(MSG_ERROR, "failed to create eloop data loop");
return -1;
}
eloop.eloop_started = true;
atomic_store(&eloop.eloop_started, true);
atomic_store(&eloop.timeout_running, false);
return 0;
}
@ -95,6 +104,9 @@ int eloop_register_timeout(unsigned int secs, unsigned int usecs,
int count = 0;
#endif
if (!atomic_load(&eloop.eloop_started)) {
return -1;
}
timeout = os_zalloc(sizeof(*timeout));
if (timeout == NULL) {
return -1;
@ -164,6 +176,90 @@ overflow:
return 0;
}
#ifdef ELOOP_DEBUG
int eloop_register_timeout_blocking_debug(eloop_blocking_timeout_handler handler, void *eloop_data,
void *user_data, const char *func, int line)
#else
int eloop_register_timeout_blocking(eloop_blocking_timeout_handler handler,
void *eloop_data, void *user_data)
#endif
{
struct eloop_timeout *timeout, *tmp;
#ifdef ELOOP_DEBUG
int count = 0;
#endif
int ret;
if (current_task_is_wifi_task()) {
assert(false);
return -1;
}
if (!atomic_load(&eloop.eloop_started)) {
return -1;
}
timeout = os_zalloc(sizeof(*timeout));
if (timeout == NULL) {
return -1;
}
if (os_get_reltime(&timeout->time) < 0) {
os_free(timeout);
return -1;
}
timeout->eloop_data = eloop_data;
timeout->user_data = user_data;
timeout->blocking_handler = handler;
#ifdef ELOOP_DEBUG
os_strlcpy(timeout->func_name, func, 100);
timeout->line = line;
#endif
ELOOP_LOCK();
if (!eloop.eloop_semph) {
eloop.eloop_semph = os_semphr_create(1, 0);
}
ELOOP_UNLOCK();
if (!eloop.eloop_semph) {
wpa_printf(MSG_INFO, "ELOOP: sync semphr not available");
os_free(timeout);
return -1;
}
timeout->sync_semph = eloop.eloop_semph;
/* Maintain timeouts in order of increasing time */
dl_list_for_each(tmp, &eloop.timeout, struct eloop_timeout, list) {
if (os_reltime_before(&timeout->time, &tmp->time)) {
ELOOP_LOCK();
dl_list_add(tmp->list.prev, &timeout->list);
ELOOP_UNLOCK();
goto run;
}
#ifdef ELOOP_DEBUG
count++;
#endif
}
ELOOP_LOCK();
dl_list_add_tail(&eloop.timeout, &timeout->list);
ELOOP_UNLOCK();
run:
#ifdef ELOOP_DEBUG
wpa_printf(MSG_DEBUG, "ELOOP: Added one blocking timer from %s:%d to call %p, current order=%d",
timeout->func_name, line, timeout->handler, count);
#endif
ELOOP_LOCK();
os_timer_disarm(&eloop.eloop_timer);
os_timer_arm(&eloop.eloop_timer, 0, 0);
ELOOP_UNLOCK();
wpa_printf(MSG_DEBUG, "ELOOP: waiting for sync semphr");
os_semphr_take(eloop.eloop_semph, OS_BLOCK);
ret = timeout->ret;
os_free(timeout);
return ret;
}
static bool timeout_exists(struct eloop_timeout *old)
{
struct eloop_timeout *timeout, *prev;
@ -177,6 +273,18 @@ static bool timeout_exists(struct eloop_timeout *old)
return false;
}
static void eloop_remove_blocking_timeout(struct eloop_timeout *timeout)
{
bool timeout_present = false;
ELOOP_LOCK();
/* Make sure timeout still exists(Another context may have deleted this) */
timeout_present = timeout_exists(timeout);
if (timeout_present) {
dl_list_del(&timeout->list);
}
ELOOP_UNLOCK();
}
static void eloop_remove_timeout(struct eloop_timeout *timeout)
{
bool timeout_present = false;
@ -331,6 +439,11 @@ void eloop_run(void)
{
struct os_reltime tv, now;
if (!atomic_load(&eloop.eloop_started)) {
return;
}
atomic_store(&eloop.timeout_running, true);
while (!dl_list_empty(&eloop.timeout)) {
struct eloop_timeout *timeout;
@ -348,17 +461,10 @@ void eloop_run(void)
os_timer_arm(&eloop.eloop_timer, ms, 0);
ELOOP_UNLOCK();
goto out;
}
}
/* check if some registered timeouts have occurred */
timeout = dl_list_first(&eloop.timeout, struct eloop_timeout,
list);
if (timeout) {
os_get_reltime(&now);
if (!os_reltime_before(&now, &timeout->time)) {
} else {
void *eloop_data = timeout->eloop_data;
void *user_data = timeout->user_data;
void *sync_semaphr = timeout->sync_semph;
eloop_timeout_handler handler =
timeout->handler;
#ifdef ELOOP_DEBUG
@ -366,30 +472,54 @@ void eloop_run(void)
int line = timeout->line;
os_strlcpy(fn_name, timeout->func_name, 100);
#endif
eloop_remove_timeout(timeout);
/* will be freed in caller context in blocking call */
if (!sync_semaphr) {
eloop_remove_timeout(timeout);
#ifdef ELOOP_DEBUG
wpa_printf(MSG_DEBUG, "ELOOP: Running timer fn:%p scheduled by %s:%d ",
handler, fn_name, line);
wpa_printf(MSG_DEBUG, "ELOOP: Running timer fn:%p scheduled by %s:%d ",
handler, fn_name, line);
#endif
handler(eloop_data, user_data);
handler(eloop_data, user_data);
} else {
eloop_remove_blocking_timeout(timeout);
eloop_blocking_timeout_handler handler2 =
timeout->blocking_handler;
#ifdef ELOOP_DEBUG
wpa_printf(MSG_DEBUG, "ELOOP: Running blocking timer fn:%p scheduled by %s:%d ",
handler2, fn_name, line);
#endif
timeout->ret = handler2(eloop_data, user_data);
#ifdef ELOOP_DEBUG
wpa_printf(MSG_DEBUG, "ELOOP: releasing sync semaphor");
#endif
os_semphr_give(sync_semaphr);
}
}
}
}
out:
atomic_store(&eloop.timeout_running, false);
return;
}
void eloop_destroy(void)
{
struct eloop_timeout *timeout, *prev;
struct os_reltime now;
if (!eloop.eloop_started) {
if (!atomic_load(&eloop.eloop_started)) {
return;
}
os_get_reltime(&now);
atomic_store(&eloop.eloop_started, false);
while (atomic_load(&eloop.timeout_running)) {
vTaskDelay(100 / portTICK_PERIOD_MS); // Yield CPU
}
dl_list_for_each_safe(timeout, prev, &eloop.timeout,
struct eloop_timeout, list) {
#ifdef ELOOP_DEBUG
struct os_reltime now;
os_get_reltime(&now);
int sec, usec;
sec = timeout->time.sec - now.sec;
usec = timeout->time.usec - now.usec;
@ -401,12 +531,17 @@ void eloop_destroy(void)
"eloop_data=%p user_data=%p handler=%p",
sec, usec, timeout->eloop_data, timeout->user_data,
timeout->handler);
#endif
eloop_remove_timeout(timeout);
}
if (eloop_data_lock) {
os_mutex_delete(eloop_data_lock);
eloop_data_lock = NULL;
}
if (eloop.eloop_semph) {
os_semphr_delete(eloop.eloop_semph);
eloop.eloop_semph = NULL;
}
os_timer_disarm(&eloop.eloop_timer);
os_timer_done(&eloop.eloop_timer);
os_memset(&eloop, 0, sizeof(eloop));
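Review bot: `eloop_run` (L260-L263) tests `eloop_started` and only afterwards sets `timeout_running`, while `eloop_destroy` (L331-L332) clears `eloop_started` and then polls `timeout_running`; the two can interleave so that destroy observes `timeout_running == false`, deletes `eloop_data_lock` and zeroes `eloop`, while the run loop has just passed its check and goes on to take the freed lock. Publishing `timeout_running` before reading `eloop_started` (and undoing it if the loop was already stopped) closes that window, because both flags are seq_cst atomics and the two sides then form a store-then-load pair. Separately, every blocking caller shares the one `eloop.eloop_semph` (L197-L206, L232): if two tasks can call `eloop_register_timeout_blocking` at the same time, the give for the first completed handler may wake the other caller, which then reads an unset `timeout->ret` and frees an entry that is still on the list — a per-call semaphore, or serialising the whole register-and-wait under one lock, would avoid that. The `dl_list_for_each` on L208 also walks the list without `ELOOP_LOCK()` while `eloop_run` may be unlinking entries under it; the same pattern presumably exists in `eloop_register_timeout`, so it is worth fixing in both.
```c
void eloop_run(void)
{
    struct os_reltime tv, now;

    /* Publish "running" before testing "started": eloop_destroy does the
     * mirror image (clear started, then poll running), so with seq_cst
     * atomics at least one side always sees the other's write. */
    atomic_store(&eloop.timeout_running, true);
    if (!atomic_load(&eloop.eloop_started)) {
        atomic_store(&eloop.timeout_running, false);
        return;
    }
    // … unchanged: timeout processing loop …
```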


@ -1628,6 +1628,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
sm->EAPOLKeyReceived = FALSE;
sm->update_snonce = FALSE;
os_memset(&PTK, 0, sizeof(PTK));
/* WPA with IEEE 802.1X: use the derived PMK from EAP
* WPA-PSK: iterate through possible PSKs and select the one matching
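Review bot: The `os_memset(&PTK, 0, sizeof(PTK))` on L368 is plain initialisation, so an ordinary memset is adequate here, but the new line has no comment saying why the state now starts from a zeroed PTK; `/* Start from a clean PTK so stale key bytes from an earlier negotiation cannot be reused if derivation fails below */` would tell the next reader. Since `PTK` is key material, wherever this state machine discards it (outside this hunk) the clear should be one the compiler cannot drop as a dead store — hostap's `forced_memzero()` serves that purpose if this tree carries it. The enclosing state function continues outside the hunk.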


@ -97,7 +97,7 @@ int sha256_prf_bits(const u8 *key, size_t key_len, const char *label,
* Mask out unused bits in the last octet if it does not use all the
* bits.
*/
if (buf_len_bits % 8) {
if (pos > 0 && (buf_len_bits % 8)) {
u8 mask = 0xff << (8 - buf_len_bits % 8);
buf[pos - 1] &= mask;
}


@ -97,7 +97,7 @@ int sha384_prf_bits(const u8 *key, size_t key_len, const char *label,
* Mask out unused bits in the last octet if it does not use all the
* bits.
*/
if (buf_len_bits % 8) {
if (pos > 0 && (buf_len_bits % 8)) {
u8 mask = 0xff << (8 - buf_len_bits % 8);
buf[pos - 1] &= mask;
}


@ -426,11 +426,9 @@ int eap_fast_load_pac(struct eap_sm *sm, struct eap_fast_pac **pac_root,
if (eap_fast_read_line(&rc, &pos) < 0) {
/* empty file - assume it is fine to overwrite */
printf("\n\nassuming it is fine to overwrite... \n\n");
eap_fast_deinit_pac_data(&rc);
return 0;
}
printf("\n\nPAC FILE =\n%s", rc.pos);
if (os_strcmp(pac_file_hdr, rc.buf) != 0)
err = "Unrecognized header line";
@ -546,11 +544,13 @@ static int eap_fast_write_pac(struct eap_sm *sm, const char *pac_file,
blob->data = (u8 *) buf;
blob->len = len;
buf = NULL;
#ifndef ESP_SUPPLICANT
blob->name = os_strdup(pac_file + 7);
if (blob->name == NULL) {
os_free(blob);
return -1;
}
#endif
eap_set_config_blob(sm, blob);
os_free(blob);
} else {
@ -657,7 +657,6 @@ int eap_fast_save_pac(struct eap_sm *sm, struct eap_fast_pac *pac_root,
return -1;
}
wpa_printf(MSG_DEBUG, "PAC file: %s", (sm->blob[3].data));
wpa_printf(MSG_DEBUG, "EAP-FAST: Wrote %d PAC entries into '%s'",
count, pac_file);
@ -755,8 +754,7 @@ int eap_fast_load_pac_bin(struct eap_sm *sm, struct eap_fast_pac **pac_root,
{
const struct wpa_config_blob *blob = NULL;
u8 *buf, *end, *pos;
size_t len = 0;
size_t count = 0;
size_t len, count = 0;
struct eap_fast_pac *pac, *prev;
*pac_root = NULL;
@ -776,6 +774,7 @@ int eap_fast_load_pac_bin(struct eap_sm *sm, struct eap_fast_pac **pac_root,
len = blob->len;
} else {
buf = (u8 *) sm->blob[3].data; //(u8 *) os_readfile(pac_file, &len);
len = sm->blob[3].len;
if (buf == NULL) {
wpa_printf(MSG_INFO, "EAP-FAST: No PAC file '%s' - "
"assume no PAC entries have been "
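Review bot: L401 still emits a bare `printf("\n\nassuming it is fine to overwrite... \n\n")` while the surrounding code logs through `wpa_printf`; replacing it with `wpa_printf(MSG_DEBUG, "EAP-FAST: empty PAC file, assuming it is fine to overwrite");` keeps it under the module's log level and prefix instead of unconditionally writing to the console. In `eap_fast_write_pac` the new `#ifndef ESP_SUPPLICANT` block (L412-L418) leaves `blob->name` unset on ESP targets; if `blob` is not zero-allocated, `eap_set_config_blob` would see an indeterminate pointer — the allocation is outside this hunk, so worth confirming, and a one-line comment on the `#ifndef` saying why the name is unneeded on ESP would help. The `len = sm->blob[3].len;` addition on L441 closes the uninitialised-`len` path; the function continues outside the hunk.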


@ -117,7 +117,7 @@ static void * eap_ttls_init(struct eap_sm *sm)
static void eap_ttls_phase2_eap_deinit(struct eap_sm *sm,
struct eap_ttls_data *data)
struct eap_ttls_data *data)
{
if (data->phase2_priv && data->phase2_method) {
data->phase2_method->deinit(sm, data->phase2_priv);
@ -130,7 +130,7 @@ static void eap_ttls_phase2_eap_deinit(struct eap_sm *sm,
static void eap_ttls_free_key(struct eap_ttls_data *data)
{
if (data->key_data) {
bin_clear_free(data->key_data, EAP_TLS_KEY_LEN);
bin_clear_free(data->key_data, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
data->key_data = NULL;
}
}
@ -153,7 +153,7 @@ static void eap_ttls_deinit(struct eap_sm *sm, void *priv)
static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id,
int mandatory, size_t len)
int mandatory, size_t len)
{
struct ttls_avp_vendor *avp;
u8 flags;
@ -170,7 +170,8 @@ static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id,
}
avp->avp_code = host_to_be32(avp_code);
avp->avp_length = host_to_be32((flags << 24) | (u32) (hdrlen + len));
avp->avp_length = host_to_be32(((u32) flags << 24) |
(u32) (hdrlen + len));
return avphdr + hdrlen;
}
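Review bot: `eap_ttls_free_key` now clears `EAP_TLS_KEY_LEN + EAP_EMSK_LEN` bytes (L460), which is only correct if every path that assigns `data->key_data` allocates that much; the derivation site is outside this hunk, and if any path still allocates only `EAP_TLS_KEY_LEN` the clear writes past the buffer. Recording the allocated size next to the pointer and passing that to `bin_clear_free`, or at least a comment at the `key_data` field stating `/* EAP_TLS_KEY_LEN + EAP_EMSK_LEN bytes: MSK followed by EMSK */`, would tie the two sites together. The `((u32) flags << 24)` cast on L475 is the right fix for the shift of a promoted `int` when bit 7 of `flags` is set.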


@ -297,7 +297,7 @@ int wpa_gen_wpa_ie(struct wpa_sm *sm, u8 *wpa_ie, size_t wpa_ie_len)
int wpa_gen_rsnxe(struct wpa_sm *sm, u8 *rsnxe, size_t rsnxe_len)
{
u8 *pos = rsnxe;
u16 capab = 0;
u16 capab = 0, tmp;
size_t flen;
if (wpa_key_mgmt_sae(sm->key_mgmt) &&
@ -311,9 +311,15 @@ int wpa_gen_rsnxe(struct wpa_sm *sm, u8 *rsnxe, size_t rsnxe_len)
#endif /* CONFIG_SAE_PK */
}
flen = (capab & 0xff00) ? 2 : 1;
if (!capab)
return 0; /* no supported extended RSN capabilities */
tmp = capab;
flen = 0;
while (tmp) {
flen++;
tmp >>= 8;
}
if (rsnxe_len < 2 + flen)
return -1;
capab |= flen - 1; /* bit 0-3 = Field length (n - 1) */


@ -56,6 +56,9 @@ typedef void (*eloop_event_handler)(void *eloop_ctx, void *user_ctx);
*/
typedef void (*eloop_timeout_handler)(void *eloop_ctx, void *user_ctx);
typedef int (*eloop_blocking_timeout_handler)(void *eloop_ctx, void *user_ctx);
/**
* eloop_signal_handler - eloop signal event callback type
* @sig: Signal number
@ -190,6 +193,19 @@ int eloop_register_timeout(unsigned int secs, unsigned int usecs,
void *eloop_data, void *user_data);
#endif
#ifdef ELOOP_DEBUG
int eloop_register_timeout_blocking_debug(eloop_blocking_timeout_handler handler, void *eloop_data,
void *user_data, const char *func, int line);
#define eloop_register_timeout_blocking(handler, eloop_data, user_data) \
eloop_register_timeout_blocking_debug(handler, eloop_data, user_data, __func__, __LINE__)
#else
int eloop_register_timeout_blocking(eloop_blocking_timeout_handler handler,
void *eloop_data, void *user_data);
#endif
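Review bot: The new `eloop_register_timeout_blocking` declaration (L518-L526) and the `eloop_blocking_timeout_handler` type (L511) carry no doc comment, although every neighbouring type and function in this header has the `name - description` block. Propose a comment above L518 stating that the call queues a zero-delay timeout, blocks the caller until `handler` has run in the eloop context, returns the handler's return value or -1 if eloop is not started, allocation fails or the sync semaphore is unavailable, and that it must not be called from the Wi-Fi task (the implementation asserts on that). For L511 a one-liner such as `/* eloop_blocking_timeout_handler - like eloop_timeout_handler, but its return value is handed back to the blocked registrant */` suffices.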
/**
* eloop_cancel_timeout - Cancel timeouts
* @handler: Matching callback function


@ -269,7 +269,8 @@ struct json_token * json_parse(const char *data, size_t data_len)
case ']': /* end array */
case '}': /* end object */
if (!curr_token || !curr_token->parent ||
curr_token->parent->state != JSON_STARTED) {
curr_token->parent->state != JSON_STARTED ||
depth == 0) {
wpa_printf(MSG_DEBUG,
"JSON: Invalid state for end array/object");
goto fail;


@ -121,7 +121,7 @@ struct wps_config {
/**
* pin - Enrollee Device Password (%NULL for Registrar or PBC)
*/
const u8 pin[9];
u8 pin[9];
/**
* pin_len - Length on pin in octets
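Review bot: With `pin` now an inline `u8 pin[9]` (L551), the comment on L548 still says `%NULL for Registrar or PBC`, which an array member can never be, so the documented contract is stale. Propose `pin - Enrollee Device Password (unused for Registrar or PBC; presumably signalled by pin_len == 0 — confirm against the users)` and, while touching the block, `pin_len - Length of pin in octets` for the typo on L553. The struct continues outside the hunk.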


@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Unlicense OR CC0-1.0
*/
@ -25,7 +25,6 @@ static int executed_order[6];
static int t;
static struct os_reltime ts;
/* there is only single instance of esp_timer so no need of protection */
static void callback(void *a, void *b)
{
@ -80,6 +79,15 @@ TEST_CASE("Test eloop timers run", "[eloop]")
os_sleep(20, 0);
/* check the execution order, this will also check whether they were fired at correct time */
TEST_ASSERT(memcmp(execution_order, executed_order, 6 * sizeof(int)) == 0);
/* Add timers to check deinit happens gracefully */
for (int i = 0; i < 6; i++) {
eloop_register_timeout(timeouts_sec[i], timeouts_usec[i],
callback, &index[i], NULL);
}
/* Stop wifi before all the timers have run */
os_sleep(2, 0);
TEST_ESP_OK(esp_wifi_stop());
TEST_ESP_OK(esp_wifi_deinit());
os_sleep(3, 0);