From e144a602067444d6676410121121cb61d42bfee9 Mon Sep 17 00:00:00 2001
From: Axel Lin <axel.lin@gmail.com>
Date: Wed, 7 Jul 2021 08:17:49 +0800
Subject: [PATCH 1/4] wpa_supplicant: Fix memory leak in esp_issue_scan error
 paths

Fix memory leak when allocate memory for params->ssid / params->bssid fails.

Fixes: 27101f94546b ("wpa_supplicant: Add initial roaming support")
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Sagar Bijwe <sagar@espressif.com>

Merges https://github.com/espressif/esp-idf/pull/7240
---
 components/wpa_supplicant/esp_supplicant/src/esp_scan.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_scan.c b/components/wpa_supplicant/esp_supplicant/src/esp_scan.c
index e1e7ee18df..5c9fc41af2 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_scan.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_scan.c
@@ -199,7 +199,8 @@ static int esp_issue_scan(struct wpa_supplicant *wpa_s,
 			params->ssid = os_zalloc(scan_params->ssids[0].ssid_len + 1);
 			if (!params->ssid) {
 				wpa_printf(MSG_ERROR, "failed to allocate memory");
-				return -1;
+				ret = -1;
+				goto cleanup;
 			}
 			os_memcpy(params->ssid, scan_params->ssids[0].ssid, scan_params->ssids[0].ssid_len);
 			params->scan_type = WIFI_SCAN_TYPE_ACTIVE;
@@ -210,7 +211,8 @@ static int esp_issue_scan(struct wpa_supplicant *wpa_s,
 			params->bssid = os_zalloc(ETH_ALEN);
 			if (!params->bssid) {
 				wpa_printf(MSG_ERROR, "failed to allocate memory");
-				return -1;
+				ret = -1;
+				goto cleanup;
 			}
 			os_memcpy(params->bssid, scan_params->bssid, ETH_ALEN);
 		}

From 2a5d5c02b48d79e263819a8b861a4e4f577b9f74 Mon Sep 17 00:00:00 2001
From: Axel Lin <axel.lin@gmail.com>
Date: Fri, 9 Jul 2021 15:22:48 +0800
Subject: [PATCH 2/4] wpa_supplicant: Fix clear WLAN_FC_STYPE_ACTION bit in
 esp_register_action_frame

It should clear WLAN_FC_STYPE_ACTION bit intead of WLAN_FC_STYPE_ACTION.

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Sagar Bijwe <sagar@espressif.com>

Merges https://github.com/espressif/esp-idf/pull/7252
---
 components/wpa_supplicant/esp_supplicant/src/esp_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_common.c b/components/wpa_supplicant/esp_supplicant/src/esp_common.c
index eaa248a2fc..92163e4cf9 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_common.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_common.c
@@ -177,7 +177,7 @@ static void esp_clear_bssid_flag(struct wpa_supplicant *wpa_s)
 
 static void esp_register_action_frame(struct wpa_supplicant *wpa_s)
 {
-	wpa_s->type &= ~WLAN_FC_STYPE_ACTION;
+	wpa_s->type &= ~(1 << WLAN_FC_STYPE_ACTION);
 	/* subtype is defined only for action frame */
 	wpa_s->subtype = 0;
 

From cd68b93e3b6303e5732d28be32f0ab35ba800466 Mon Sep 17 00:00:00 2001
From: Axel Lin <axel.lin@gmail.com>
Date: Tue, 6 Jul 2021 13:41:14 +0800
Subject: [PATCH 3/4] esp_supplicant: Make esp_rrm_send_neighbor_rep_request
 return proper error

Current code always return 0 even though wpas_rrm_send_neighbor_rep_request()
fails. Return proper error so the caller can know what's wrong.

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Sagar Bijwe <sagar@espressif.com>

Merges https://github.com/espressif/esp-idf/pull/7233
---
 components/wpa_supplicant/esp_supplicant/src/esp_common.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_common.c b/components/wpa_supplicant/esp_supplicant/src/esp_common.c
index 92163e4cf9..a3ff7d73bc 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_common.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_common.c
@@ -281,9 +281,7 @@ int esp_rrm_send_neighbor_rep_request(neighbor_rep_request_cb cb,
 	struct wifi_ssid *ssid = esp_wifi_sta_get_prof_ssid_internal();
 	os_memcpy(wpa_ssid.ssid, ssid->ssid, ssid->len);
 	wpa_ssid.ssid_len = ssid->len;
-	wpas_rrm_send_neighbor_rep_request(wpa_s, &wpa_ssid, 0, 0, cb, cb_ctx);
-
-	return 0;
+	return wpas_rrm_send_neighbor_rep_request(wpa_s, &wpa_ssid, 0, 0, cb, cb_ctx);
 }
 
 int esp_wnm_send_bss_transition_mgmt_query(enum btm_query_reason query_reason,

From 20d0891e1ec5549e3d29cf6b91b9b13e0c84f9a1 Mon Sep 17 00:00:00 2001
From: Axel Lin <axel.lin@gmail.com>
Date: Wed, 4 Aug 2021 14:03:12 +0800
Subject: [PATCH 4/4] wpa_supplicant: Trivial typo fix for setting
 spp_sup.require

No functional change since both SPP_AMSDU_CAP_ENABLE and SPP_AMSDU_REQ_ENABLE
are defined as 1.

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Sagar Bijwe <sagar@espressif.com>

Merges https://github.com/espressif/esp-idf/pull/7366
---
 components/wpa_supplicant/esp_supplicant/src/esp_hostap.c | 2 +-
 components/wpa_supplicant/src/rsn_supp/wpa.c              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
index 00b08035c6..ec4a2d3fa8 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
@@ -90,7 +90,7 @@ void *hostap_init(void)
 
     spp_attrubute = esp_wifi_get_spp_attrubute_internal(WIFI_IF_AP);
     auth_conf->spp_sup.capable = ((spp_attrubute & WPA_CAPABILITY_SPP_CAPABLE) ? SPP_AMSDU_CAP_ENABLE : SPP_AMSDU_CAP_DISABLE);
-    auth_conf->spp_sup.require = ((spp_attrubute & WPA_CAPABILITY_SPP_REQUIRED) ? SPP_AMSDU_CAP_ENABLE : SPP_AMSDU_REQ_DISABLE);
+    auth_conf->spp_sup.require = ((spp_attrubute & WPA_CAPABILITY_SPP_REQUIRED) ? SPP_AMSDU_REQ_ENABLE : SPP_AMSDU_REQ_DISABLE);
 
     memcpy(hapd->conf->ssid.ssid, ssid->ssid, ssid->len);
     hapd->conf->ssid.ssid_len = ssid->len;
diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c
index 2d45c11632..2de58804d9 100644
--- a/components/wpa_supplicant/src/rsn_supp/wpa.c
+++ b/components/wpa_supplicant/src/rsn_supp/wpa.c
@@ -2081,7 +2081,7 @@ bool wpa_sm_init(char * payload, WPA_SEND_FUNC snd_func,
 
     spp_attrubute = esp_wifi_get_spp_attrubute_internal(WIFI_IF_STA);
     sm->spp_sup.capable = ((spp_attrubute & WPA_CAPABILITY_SPP_CAPABLE) ? SPP_AMSDU_CAP_ENABLE : SPP_AMSDU_CAP_DISABLE);
-    sm->spp_sup.require = ((spp_attrubute & WPA_CAPABILITY_SPP_REQUIRED) ? SPP_AMSDU_CAP_ENABLE : SPP_AMSDU_REQ_DISABLE);
+    sm->spp_sup.require = ((spp_attrubute & WPA_CAPABILITY_SPP_REQUIRED) ? SPP_AMSDU_REQ_ENABLE : SPP_AMSDU_REQ_DISABLE);
 
     wpa_sm_set_state(WPA_INACTIVE);