diff --git a/components/wpa_supplicant/include/utils/wpa_debug.h b/components/wpa_supplicant/include/utils/wpa_debug.h index e32c697fe9..571d06160b 100644 --- a/components/wpa_supplicant/include/utils/wpa_debug.h +++ b/components/wpa_supplicant/include/utils/wpa_debug.h @@ -172,7 +172,7 @@ void wpa_hexdump_ascii_key(int level, const char *title, const u8 *buf, * * Note: New line '\n' is added to the end of the text when printing to stdout. */ -void wpa_msg(void *ctx, int level, const char *fmt, ...) PRINTF_FORMAT(3, 4); +#define wpa_msg(...) do {} while(0) /** * wpa_msg_ctrl - Conditional printf for ctrl_iface monitors diff --git a/components/wpa_supplicant/include/utils/wpabuf.h b/components/wpa_supplicant/include/utils/wpabuf.h index 2a5fa3f5dc..092b31e08b 100644 --- a/components/wpa_supplicant/include/utils/wpabuf.h +++ b/components/wpa_supplicant/include/utils/wpabuf.h @@ -1,6 +1,6 @@ /* * Dynamic data buffer - * Copyright (c) 2007-2009, Jouni Malinen + * Copyright (c) 2007-2012, Jouni Malinen * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -15,6 +15,9 @@ #ifndef WPABUF_H #define WPABUF_H +/* wpabuf::buf is a pointer to external data */ +#define WPABUF_FLAG_EXT_DATA BIT(0) + /* * Internal data structure for wpabuf. Please do not touch this directly from * elsewhere. This is only defined in header file to allow inline functions @@ -23,8 +26,8 @@ struct wpabuf { size_t size; /* total size of the allocated buffer */ size_t used; /* length of data in the buffer */ - u8 *ext_data; /* pointer to external data; NULL if data follows - * struct wpabuf */ + u8 *buf; /* pointer to the head of the buffer */ + unsigned int flags; /* optionally followed by the allocated buffer */ }; 
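Review bot: Replacing the `wpa_msg()` prototype with `#define wpa_msg(...) do {} while(0)` drops the `PRINTF_FORMAT(3, 4)` check and stops evaluating the arguments at every call site, so a format/argument mismatch or an argument expression with side effects now goes unnoticed. The comment block that ends just above the define still reads as the documentation of a real printing function. I would add a line directly above the macro such as `/* wpa_msg() is compiled out in this port; its arguments are not evaluated */`.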
@@ -79,9 +82,7 @@ static inline size_t wpabuf_tailroom(const struct wpabuf *buf) */ static inline const void * wpabuf_head(const struct wpabuf *buf) { - if (buf->ext_data) - return buf->ext_data; - return buf + 1; + return buf->buf; } static inline const u8 * wpabuf_head_u8(const struct wpabuf *buf) @@ -96,9 +97,7 @@ static inline const u8 * wpabuf_head_u8(const struct wpabuf *buf) */ static inline void * wpabuf_mhead(struct wpabuf *buf) { - if (buf->ext_data) - return buf->ext_data; - return buf + 1; + return buf->buf; } static inline u8 * wpabuf_mhead_u8(struct wpabuf *buf) @@ -157,7 +156,8 @@ static inline void wpabuf_put_buf(struct wpabuf *dst, static inline void wpabuf_set(struct wpabuf *buf, const void *data, size_t len) { - buf->ext_data = (u8 *) data; + buf->buf = (u8 *) data; + buf->flags = WPABUF_FLAG_EXT_DATA; buf->size = buf->used = len; } diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c index 8b43098790..b1562eca9e 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth.c +++ b/components/wpa_supplicant/src/ap/wpa_auth.c @@ -1590,7 +1590,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) sm->pending_1_of_4_timeout = 0; eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); - if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { + if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && sm->PMK != pmk) { /* PSK may have changed from the previous choice, so update * state machine data based on whatever PSK was selected here. */ diff --git a/components/wpa_supplicant/src/ap/wpa_auth_ie.c b/components/wpa_supplicant/src/ap/wpa_auth_ie.c index 34f12217db..1dda65c4fc 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth_ie.c +++ b/components/wpa_supplicant/src/ap/wpa_auth_ie.c 
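Review bot: `wpabuf_set()` now tags the caller's `const void *data` with `WPABUF_FLAG_EXT_DATA`, and the wpabuf.c hunks of this same commit make `wpabuf_free()` call `os_free(buf->buf)` and `wpabuf_resize()` call `os_realloc(buf->buf, ...)` for any buffer carrying that flag. Nothing in the header says that a wpabuf initialised with `wpabuf_set()` over borrowed, constant or stack memory must never reach those two functions. The flag comment should state the ownership rule, for example `/* wpabuf::buf points to external data; wpabuf_free() and wpabuf_resize() treat it as heap memory owned by the wpabuf */`, and `wpabuf_set()` deserves a matching one-line warning.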
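Review bot: The added `sm->PMK != pmk` test in the PTKCALCNEGOTIATING state compares addresses, not key contents, while the comment right below it still reads as if the branch runs whenever the PSK may have changed. Presumably the intent is to skip a self-copy when `pmk` already points at `sm->PMK`; the copy itself is outside this hunk, so that is an inference. A short why-comment would stop a later reader from turning it into a content comparison, e.g. `/* pmk may alias sm->PMK; skip the copy in that case */`.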
@@ -353,7 +353,7 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, const u8 *wpa_ie, size_t wpa_ie_len/*, const u8 *mdie, size_t mdie_len*/) { - struct wpa_ie_data data; + struct wpa_ie_data data = {0}; int ciphers, key_mgmt, res, version; u32 selector; diff --git a/components/wpa_supplicant/src/common/dpp.c b/components/wpa_supplicant/src/common/dpp.c index 8e97ac5640..452432d81e 100644 --- a/components/wpa_supplicant/src/common/dpp.c +++ b/components/wpa_supplicant/src/common/dpp.c @@ -52,10 +52,6 @@ static const struct dpp_curve_params dpp_curves[] = { { NULL, 0, 0, 0, 0, NULL, 0, NULL } }; -void wpa_msg(void *ctx, int level, const char *fmt, ...) -{ -} - static struct wpabuf * gas_build_req(u8 action, u8 dialog_token, size_t size) { @@ -851,7 +847,7 @@ static int dpp_derive_k1(const u8 *Mx, size_t Mx_len, u8 *k1, /* HKDF-Expand(PRK, info, L) */ res = dpp_hkdf_expand(hash_len, prk, hash_len, info, k1, hash_len); - os_memset(prk, 0, hash_len); + forced_memzero(prk, hash_len); if (res < 0) return -1; @@ -880,7 +876,7 @@ static int dpp_derive_k2(const u8 *Nx, size_t Nx_len, u8 *k2, /* HKDF-Expand(PRK, info, L) */ res = dpp_hkdf_expand(hash_len, prk, hash_len, info, k2, hash_len); - os_memset(prk, 0, hash_len); + forced_memzero(prk, hash_len); if (res < 0) return -1; @@ -939,7 +935,7 @@ static int dpp_derive_ke(struct dpp_authentication *auth, u8 *ke, /* HKDF-Expand(PRK, info, L) */ res = dpp_hkdf_expand(hash_len, prk, hash_len, info_ke, ke, hash_len); - os_memset(prk, 0, hash_len); + forced_memzero(prk, hash_len); if (res < 0) return -1; @@ -3936,7 +3932,7 @@ static void dpp_build_legacy_cred_params(struct wpabuf *buf, wpa_snprintf_hex(psk, sizeof(psk), conf->psk, sizeof(conf->psk)); json_add_string(buf, "psk_hex", psk); - os_memset(psk, 0, sizeof(psk)); + forced_memzero(psk, sizeof(psk)); } } 
@@ -4108,6 +4104,8 @@ skip_groups: goto fail; signature = os_malloc(2 * curve->prime_len); + if (!signature) + goto fail; if (dpp_bn2bin_pad(r, signature, curve->prime_len) < 0 || dpp_bn2bin_pad(s, signature + curve->prime_len, curve->prime_len) < 0) @@ -4668,6 +4666,7 @@ static struct crypto_key * dpp_parse_jwk(struct json_token *jwk, struct wpabuf *x = NULL, *y = NULL, *a = NULL; struct crypto_ec_group *group; struct crypto_key *pkey = NULL; + size_t len; token = json_get_member(jwk, "kty"); if (!token || token->type != JSON_STRING) { @@ -4726,9 +4725,10 @@ static struct crypto_key * dpp_parse_jwk(struct json_token *jwk, goto fail; } + len = wpabuf_len(x); a = wpabuf_concat(x, y); pkey = crypto_ec_set_pubkey_point(group, wpabuf_head(a), - wpabuf_len(x)); + len); crypto_ec_deinit((struct crypto_ec *)group); *key_curve = curve; @@ -4967,8 +4967,7 @@ static void dpp_copy_netaccesskey(struct dpp_authentication *auth, unsigned char *der = NULL; int der_len; - crypto_ec_get_priv_key_der(auth->own_protocol_key, &der, &der_len); - if (der_len <= 0) { + if (crypto_ec_get_priv_key_der(auth->own_protocol_key, &der, &der_len) < 0) { return; } wpabuf_free(auth->net_access_key); @@ -5726,7 +5725,7 @@ static int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk, /* HKDF-Expand(PRK, info, L) */ res = dpp_hkdf_expand(hash_len, prk, hash_len, info, pmk, hash_len); - os_memset(prk, 0, hash_len); + forced_memzero(prk, hash_len); if (res < 0) return -1; @@ -5931,7 +5930,7 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector, fail: if (ret != DPP_STATUS_OK) os_memset(intro, 0, sizeof(*intro)); - os_memset(Nx, 0, sizeof(Nx)); + forced_memzero(Nx, sizeof(Nx)); os_free(own_conn); os_free(signed_connector); os_free(info.payload); diff --git a/components/wpa_supplicant/src/common/sae.c b/components/wpa_supplicant/src/common/sae.c index 65f24af06a..d21bc9db48 100644 --- a/components/wpa_supplicant/src/common/sae.c +++ b/components/wpa_supplicant/src/common/sae.c 
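Review bot: In the `@@ -4726` hunk of dpp_parse_jwk the result of `wpabuf_concat(x, y)` is passed to `wpabuf_head(a)` without a NULL check, and after this commit `wpabuf_head()` dereferences `buf->buf` unconditionally. `wpabuf_concat()` is not part of this diff, so whether it can return NULL on allocation failure needs confirming, but the coordinates come from a parsed JWK and the function already uses a `fail` label for its other error paths. I would add `if (!a) goto fail;` before the `crypto_ec_set_pubkey_point()` call. dpp_parse_jwk starts and ends outside the hunk.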
@@ -147,7 +147,7 @@ static struct crypto_bignum * sae_get_rand(struct sae_data *sae) break; } - os_memset(val, 0, order_len); + forced_memzero(val, order_len); return bn; } @@ -675,6 +675,7 @@ static int sae_derive_commit(struct sae_data *sae) * theoretical infinite loop, break out after 100 * attemps. */ + crypto_bignum_deinit(mask, 1); return ESP_FAIL; } if (mask) { @@ -828,11 +829,11 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k) if (sha256_prf(keyseed, sizeof(keyseed), "SAE KCK and PMK", val, sae->tmp->prime_len, keys, sizeof(keys)) < 0) goto fail; - os_memset(keyseed, 0, sizeof(keyseed)); + forced_memzero(keyseed, sizeof(keyseed)); os_memcpy(sae->tmp->kck, keys, SAE_KCK_LEN); os_memcpy(sae->pmk, keys + SAE_KCK_LEN, SAE_PMK_LEN); os_memcpy(sae->pmkid, val, SAE_PMKID_LEN); - os_memset(keys, 0, sizeof(keys)); + forced_memzero(keys, sizeof(keys)); wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->tmp->kck, SAE_KCK_LEN); wpa_hexdump_key(MSG_DEBUG, "SAE: PMK", sae->pmk, SAE_PMK_LEN); @@ -1179,8 +1180,6 @@ static int sae_parse_password_identifier(struct sae_data *sae, sae->tmp->pw_id); return WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER; } - os_free(sae->tmp->pw_id); - sae->tmp->pw_id = NULL; return WLAN_STATUS_SUCCESS; /* No Password Identifier */ } diff --git a/components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c b/components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c index 890655631d..0160695e7a 100644 --- a/components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c +++ b/components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c 
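Review bot: In sae_derive_keys (`@@ -828`) the `goto fail` taken when `sha256_prf()` fails jumps past both new `forced_memzero()` calls, so `keyseed` stays on the stack on that path unless the `fail` label, which is outside this hunk, clears it. Since the purpose of the change is a wipe that cannot be optimised away, it should cover the error path as well: place `forced_memzero(keyseed, sizeof(keyseed));` and `forced_memzero(keys, sizeof(keys));` under `fail:` or wipe `keyseed` before the `goto`.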
@@ -1,16 +1,8 @@ -// Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #ifdef ESP_PLATFORM #include "esp_system.h" @@ -65,6 +57,7 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a, u8 *buf, size_t buflen, size_t padlen) { int num_bytes, offset; + int ret; if (padlen > buflen) { return -1; @@ -82,9 +75,11 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a, } os_memset(buf, 0, offset); - mbedtls_mpi_write_binary((mbedtls_mpi *) a, buf + offset, mbedtls_mpi_size((mbedtls_mpi *)a) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary((mbedtls_mpi *) a, buf + offset, mbedtls_mpi_size((mbedtls_mpi *)a))); return num_bytes + offset; +cleanup: + return ret; } diff --git a/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c b/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c index 42290b0384..ec9117ebfd 100644 --- a/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c +++ b/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c 
@@ -1,16 +1,8 @@ -// Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #ifdef ESP_PLATFORM #include "esp_system.h" @@ -217,6 +209,9 @@ struct crypto_ec_point *crypto_ec_point_from_bin(struct crypto_ec *e, len = mbedtls_mpi_size(&e->group.P); pt = os_zalloc(sizeof(mbedtls_ecp_point)); + if (!pt) { + return NULL; + } mbedtls_ecp_point_init(pt); MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, val, len)); @@ -490,11 +485,15 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro mbedtls_pk_context *key = (mbedtls_pk_context *)crypto_alloc_key(); if (!key) { - wpa_printf(MSG_ERROR, "%s: memory allocation failed\n", __func__); + wpa_printf(MSG_ERROR, "%s: memory allocation failed", __func__); return NULL; } point = (mbedtls_ecp_point *)crypto_ec_point_from_bin((struct crypto_ec *)group, buf); + if (!point) { + wpa_printf(MSG_ERROR, "%s: Point initialization failed", __func__); + goto fail; + } if (crypto_ec_point_is_at_infinity((struct crypto_ec *)group, (struct crypto_ec_point *)point)) { wpa_printf(MSG_ERROR, "Point is at infinity"); goto fail; 
@@ -509,30 +508,16 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro wpa_printf(MSG_ERROR, "Invalid key"); goto fail; } - mbedtls_ecp_keypair *ecp_key = malloc(sizeof (*ecp_key)); - if (!ecp_key) { - wpa_printf(MSG_ERROR, "key allocation failed"); - goto fail; - } - - /* Init keypair */ - mbedtls_ecp_keypair_init(ecp_key); - // TODO Is it needed? check? - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&ecp_key->Q, point)); /* Assign values */ if( ( ret = mbedtls_pk_setup( key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY) ) ) != 0 ) goto fail; - if (key->pk_ctx) - os_free(key->pk_ctx); - key->pk_ctx = ecp_key; mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->Q, point); mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->grp, MBEDTLS_ECP_DP_SECP256R1); pkey = (struct crypto_key *)key; -cleanup: crypto_ec_point_deinit((struct crypto_ec_point *)point, 0); return pkey; fail: @@ -566,7 +551,7 @@ int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data, char der_data[ECP_PRV_DER_MAX_BYTES]; *key_len = mbedtls_pk_write_key_der(pkey, (unsigned char *)der_data, ECP_PRV_DER_MAX_BYTES); - if (!*key_len) + if (*key_len <= 0) return -1; *key_data = os_malloc(*key_len); @@ -599,12 +584,12 @@ int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len) mbedtls_pk_context *pkey = (mbedtls_pk_context *)key; unsigned char buf[MBEDTLS_MPI_MAX_SIZE + 10]; /* tag, length + MPI */ unsigned char *c = buf + sizeof(buf ); - size_t pk_len = 0; + int pk_len = 0; memset(buf, 0, sizeof(buf) ); pk_len = mbedtls_pk_write_pubkey( &c, buf, pkey); - if (!pk_len) + if (pk_len < 0) return -1; if (len == 0) diff --git a/components/wpa_supplicant/src/crypto/des-internal.c b/components/wpa_supplicant/src/crypto/des-internal.c index 077b7d013c..062050f381 100644 --- a/components/wpa_supplicant/src/crypto/des-internal.c +++ b/components/wpa_supplicant/src/crypto/des-internal.c 
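Review bot: The return values of `mbedtls_ecp_copy()` and `mbedtls_ecp_group_load()` are ignored in crypto_ec_set_pubkey_point, so a failed copy or group load still returns `pkey` as if the key were complete. I would check both, e.g. `if (mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->Q, point) != 0 || mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->grp, MBEDTLS_ECP_DP_SECP256R1) != 0) goto fail;`. The group is also fixed to `MBEDTLS_ECP_DP_SECP256R1` regardless of the `group` argument, which needs a comment if it is intentional. The function begins and its `fail:` path ends outside this hunk.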
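Review bot: `der_data` in crypto_ec_get_priv_key_der holds the DER-encoded private key on the stack and nothing in this hunk wipes it; the `return -1` after the new `*key_len <= 0` test leaves the buffer as it is, and the remainder of the function is outside the hunk. Given that this commit moves other key material to `forced_memzero()`, the buffer should get `forced_memzero(der_data, sizeof(der_data));` before every return. On the error path `*key_len` is left holding the negative mbedtls code, so the doc comment should say that callers must rely on the return value only.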
@@ -419,8 +419,8 @@ void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher) WPA_PUT_BE32(cypher, work[0]); WPA_PUT_BE32(cypher + 4, work[1]); - os_memset(pkey, 0, sizeof(pkey)); - os_memset(ek, 0, sizeof(ek)); + forced_memzero(pkey, sizeof(pkey)); + forced_memzero(ek, sizeof(ek)); } /* diff --git a/components/wpa_supplicant/src/crypto/libtommath.h b/components/wpa_supplicant/src/crypto/libtommath.h index 1010f9f63f..b50806d14d 100644 --- a/components/wpa_supplicant/src/crypto/libtommath.h +++ b/components/wpa_supplicant/src/crypto/libtommath.h @@ -1657,7 +1657,7 @@ mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d) } /* init our temps */ - if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL) != MP_OKAY)) { + if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL)) != MP_OKAY) { return res; } diff --git a/components/wpa_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/src/crypto/tls_mbedtls.c index f130d49f2d..c971b1ba3f 100644 --- a/components/wpa_supplicant/src/crypto/tls_mbedtls.c +++ b/components/wpa_supplicant/src/crypto/tls_mbedtls.c @@ -103,11 +103,9 @@ static int tls_mbedtls_write(void *ctx, const unsigned char *buf, size_t len) struct tls_connection *conn = (struct tls_connection *)ctx; struct tls_data *data = &conn->tls_io_data; - if (data->out_data) { - wpabuf_resize(&data->out_data, len); - } else { - data->out_data = wpabuf_alloc(len); - } + if (wpabuf_resize(&data->out_data, len) < 0) { + return 0; + } wpabuf_put_data(data->out_data, buf, len); @@ -807,9 +805,8 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, int ret; u8 seed[2 * TLS_RANDOM_LEN]; mbedtls_ssl_context *ssl = &conn->tls->ssl; - mbedtls_ssl_transform *transform = ssl->transform; - if (!ssl || !transform) { + if (!ssl || !ssl->transform) { wpa_printf(MSG_ERROR, "TLS: %s, session ingo is null", __func__); return -1; } 
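Review bot: `tls_mbedtls_write()` returns `0` when `wpabuf_resize()` fails, which reports "zero bytes sent" rather than an error; if this function is the send callback registered with mbedtls (the registration is not in this diff), the allocation failure is not surfaced and the outgoing data is silently dropped. Returning a negative mbedtls code, e.g. `return MBEDTLS_ERR_SSL_ALLOC_FAILED;`, would propagate it. The new code also depends on `wpabuf_resize()` allocating a buffer when `data->out_data` is NULL, which is worth a one-line comment since the explicit `wpabuf_alloc()` branch was removed.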
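Review bot: `!ssl` in tls_connection_prf can never be true, because `ssl` is the address of a member reached through `conn->tls`, and `conn` has already been dereferenced to compute it; the checks that matter are on `conn` and `conn->tls`. The following hunk also reads `ssl->session->master` and `ssl->transform->ciphersuite_info->mac` without testing `ssl->session` or `ciphersuite_info`. I would assign `ssl` only after `if (!conn || !conn->tls) return -1;` and extend the guard to `if (!ssl->transform || !ssl->session) {`. The log string `session ingo is null` also has a typo.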
@@ -828,10 +825,10 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, wpa_hexdump_key(MSG_MSGDUMP, "random", seed, 2 * TLS_RANDOM_LEN); wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->session->master, TLS_MASTER_SECRET_LEN); - if (transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384) { + if (ssl->transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384) { ret = tls_prf_sha384(ssl->session->master, TLS_MASTER_SECRET_LEN, label, seed, 2 * TLS_RANDOM_LEN, out, out_len); - } else if (transform->ciphersuite_info->mac == MBEDTLS_MD_SHA256) { + } else if (ssl->transform->ciphersuite_info->mac == MBEDTLS_MD_SHA256) { ret = tls_prf_sha256(ssl->session->master, TLS_MASTER_SECRET_LEN, label, seed, 2 * TLS_RANDOM_LEN, out, out_len); } else { diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_hostap.c b/components/wpa_supplicant/src/esp_supplicant/esp_hostap.c index 11a0564a6c..5171c035bb 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_hostap.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_hostap.c 
@@ -102,33 +102,29 @@ bool hostap_deinit(void *data) return true; } - if (hapd->wpa_auth->wpa_ie != NULL) { - os_free(hapd->wpa_auth->wpa_ie); - } - - if (hapd->wpa_auth->group != NULL) { - os_free(hapd->wpa_auth->group); - } - if (hapd->wpa_auth != NULL) { + if (hapd->wpa_auth->wpa_ie != NULL) { + os_free(hapd->wpa_auth->wpa_ie); + } + + if (hapd->wpa_auth->group != NULL) { + os_free(hapd->wpa_auth->group); + } os_free(hapd->wpa_auth); } - if (hapd->conf->ssid.wpa_psk != NULL) { - os_free(hapd->conf->ssid.wpa_psk); - } - - if (hapd->conf->ssid.wpa_passphrase != NULL) { - os_free(hapd->conf->ssid.wpa_passphrase); - } - if (hapd->conf != NULL) { + if (hapd->conf->ssid.wpa_psk != NULL) { + os_free(hapd->conf->ssid.wpa_psk); + } + + if (hapd->conf->ssid.wpa_passphrase != NULL) { + os_free(hapd->conf->ssid.wpa_passphrase); + } os_free(hapd->conf); } - if (hapd != NULL) { - os_free(hapd); - } + os_free(hapd); esp_wifi_unset_appie_internal(WIFI_APPIE_WPA); diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c b/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c index 4c817ea476..252f833edc 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c @@ -72,7 +72,7 @@ static int wpa2_start_eapol_internal(void); int wpa2_post(uint32_t sig, uint32_t par); #ifdef USE_WPA2_TASK -static void *s_wpa2_task_hdl = NULL; +static TaskHandle_t s_wpa2_task_hdl = NULL; static void *s_wpa2_queue = NULL; static wpa2_state_t s_wpa2_state = WPA2_STATE_DISABLED; static void *s_wpa2_api_lock = NULL; 
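Review bot: hostap_deinit releases `hapd->conf->ssid.wpa_psk` and `hapd->conf->ssid.wpa_passphrase` with plain `os_free()`, so the PSK and passphrase remain readable in freed heap memory. The field types are not visible in this hunk; assuming the passphrase is a NUL-terminated string, `forced_memzero(hapd->conf->ssid.wpa_passphrase, os_strlen(hapd->conf->ssid.wpa_passphrase));` before the free would match the wiping this commit introduces elsewhere, with the equivalent sized wipe for `wpa_psk`. The remaining `!= NULL` guards around `os_free()` can go as well, as was done for `hapd` here.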
@@ -491,33 +491,24 @@ build_nak: if (resp == NULL) { return ESP_FAIL; } - ret = ESP_FAIL; - send_resp: if (resp == NULL) { wpa_printf(MSG_ERROR, "Response build fail, return."); - wpabuf_free(sm->lastRespData); - sm->lastRespData = resp; - wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL); - return WPA2_ENT_EAP_STATE_FAIL; + return ESP_FAIL; } ret = eap_sm_send_eapol(sm, resp); - if (ret == ESP_OK) { - if (resp != sm->lastRespData) { - wpabuf_free(sm->lastRespData); - sm->lastRespData = resp; - } - } else { + if (resp != sm->lastRespData) { wpabuf_free(sm->lastRespData); - sm->lastRespData = NULL; + } + if (ret != ESP_OK) { wpabuf_free(resp); resp = NULL; - if (ret == WPA_ERR_INVALID_BSSID) { ret = WPA2_ENT_EAP_STATE_FAIL; wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL); } } + sm->lastRespData = resp; out: return ret; } @@ -757,14 +748,16 @@ static int eap_peer_sm_init(void) sm = (struct eap_sm *)os_zalloc(sizeof(*sm)); if (sm == NULL) { - return ESP_ERR_NO_MEM; + ret = ESP_ERR_NO_MEM; + return ret; } + gEapSm = sm; s_wpa2_data_lock = xSemaphoreCreateRecursiveMutex(); if (!s_wpa2_data_lock) { - free(sm); wpa_printf(MSG_ERROR, "wpa2 eap_peer_sm_init: failed to alloc data lock"); - return ESP_ERR_NO_MEM; + ret = ESP_ERR_NO_MEM; + goto _err; } wpa2_set_eap_state(WPA2_ENT_EAP_STATE_NOT_START); 
@@ -773,53 +766,51 @@ static int eap_peer_sm_init(void) ret = eap_peer_blob_init(sm); if (ret) { wpa_printf(MSG_ERROR, "eap_peer_blob_init failed\n"); - os_free(sm); - vSemaphoreDelete(s_wpa2_data_lock); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } ret = eap_peer_config_init(sm, g_wpa_private_key_passwd, g_wpa_private_key_passwd_len); if (ret) { wpa_printf(MSG_ERROR, "eap_peer_config_init failed\n"); - eap_peer_blob_deinit(sm); - os_free(sm); - vSemaphoreDelete(s_wpa2_data_lock); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } sm->ssl_ctx = tls_init(); if (sm->ssl_ctx == NULL) { wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS " "context."); - eap_peer_blob_deinit(sm); - eap_peer_config_deinit(sm); - os_free(sm); - vSemaphoreDelete(s_wpa2_data_lock); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } wpa2_rxq_init(); gEapSm = sm; #ifdef USE_WPA2_TASK - s_wpa2_queue = xQueueCreate(SIG_WPA2_MAX, sizeof( void * ) ); - xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, s_wpa2_task_hdl); + s_wpa2_queue = xQueueCreate(SIG_WPA2_MAX, sizeof( s_wpa2_queue ) ); + ret = xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, &s_wpa2_task_hdl); + if (ret != pdPASS) { + wpa_printf(MSG_ERROR, "wps enable: failed to create task"); + ret = ESP_FAIL; + goto _err; + } s_wifi_wpa2_sync_sem = xSemaphoreCreateCounting(1, 0); if (!s_wifi_wpa2_sync_sem) { - vQueueDelete(s_wpa2_queue); - s_wpa2_queue = NULL; - eap_peer_blob_deinit(sm); - eap_peer_config_deinit(sm); - os_free(sm); - vSemaphoreDelete(s_wpa2_data_lock); wpa_printf(MSG_ERROR, "WPA2: failed create wifi wpa2 task sync sem"); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } wpa_printf(MSG_INFO, "wpa2_task prio:%d, stack:%d\n", 2, WPA2_TASK_STACK_SIZE); #endif return ESP_OK; + +_err: + eap_peer_sm_deinit(); + return ret; } /** 
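Review bot: The result of `xQueueCreate()` is not checked before `xTaskCreate()` starts `wpa2_task`, so a failed allocation leaves `s_wpa2_queue` NULL while the task is already running; `wps_task_init()` in esp_wps.c does test its queue with `if (!s_wps_queue)`. I would add `if (!s_wpa2_queue) { ret = ESP_FAIL; goto _err; }` right after the create call. The new error text `"wps enable: failed to create task"` names the wrong module for this WPA2 path. The `_err` path relies on `eap_peer_sm_deinit()`, whose visible hunks delete the semaphores and the queue but not the task, so the sync-semaphore failure case should be checked against the part of deinit outside this diff.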
@@ -852,8 +843,8 @@ static void eap_peer_sm_deinit(void) if (s_wifi_wpa2_sync_sem) { vSemaphoreDelete(s_wifi_wpa2_sync_sem); + s_wifi_wpa2_sync_sem = NULL; } - s_wifi_wpa2_sync_sem = NULL; if (s_wpa2_data_lock) { vSemaphoreDelete(s_wpa2_data_lock); @@ -861,6 +852,10 @@ static void eap_peer_sm_deinit(void) wpa_printf(MSG_DEBUG, "wpa2 eap_peer_sm_deinit: free data lock"); } + if (s_wpa2_queue) { + vQueueDelete(s_wpa2_queue); + s_wpa2_queue = NULL; + } os_free(sm); gEapSm = NULL; } diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c index 9a2ec5aad6..d9d9586192 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c @@ -517,15 +517,16 @@ wps_build_ic_appie_wps_pr(void) 0, NULL); } - if (wps_ie) { - if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) { - wpabuf_put_buf(extra_ie, wps_ie); - } else { - wpabuf_free(wps_ie); - return; - } - wpabuf_free(wps_ie); + if (!wps_ie) { + return; } + if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) { + wpabuf_put_buf(extra_ie, wps_ie); + } else { + wpabuf_free(wps_ie); + return; + } + wpabuf_free(wps_ie); esp_wifi_set_appie_internal(WIFI_APPIE_WPS_PR, (uint8_t *)wpabuf_head(extra_ie), extra_ie->used, 0); wpabuf_free(extra_ie); @@ -647,7 +648,8 @@ int wps_send_eap_identity_rsp(u8 id) ret = esp_wifi_get_assoc_bssid_internal(bssid); if (ret != 0) { wpa_printf(MSG_ERROR, "bssid is empty!"); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } wpabuf_put_data(eap_buf, sm->identity, sm->identity_len); 
@@ -982,13 +984,6 @@ int wps_finish(void) } if (sm->wps->state == WPS_FINISHED) { - wifi_config_t *config = (wifi_config_t *)os_zalloc(sizeof(wifi_config_t)); - - if (config == NULL) { - wifi_event_sta_wps_fail_reason_t reason_code = WPS_FAIL_REASON_NORMAL; - esp_event_send_internal(WIFI_EVENT, WIFI_EVENT_STA_WPS_ER_FAILED, &reason_code, sizeof(reason_code), portMAX_DELAY); - return ESP_FAIL; - } wpa_printf(MSG_DEBUG, "wps finished------>"); wps_set_status(WPS_STATUS_SUCCESS); @@ -997,6 +992,14 @@ int wps_finish(void) ets_timer_disarm(&sm->wps_msg_timeout_timer); if (sm->ap_cred_cnt == 1) { + wifi_config_t *config = (wifi_config_t *)os_zalloc(sizeof(wifi_config_t)); + + if (config == NULL) { + wifi_event_sta_wps_fail_reason_t reason_code = WPS_FAIL_REASON_NORMAL; + esp_event_send_internal(WIFI_EVENT, WIFI_EVENT_STA_WPS_ER_FAILED, &reason_code, sizeof(reason_code), portMAX_DELAY); + return ESP_FAIL; + } + os_memset(config, 0x00, sizeof(wifi_sta_config_t)); os_memcpy(config->sta.ssid, sm->ssid[0], sm->ssid_len[0]); os_memcpy(config->sta.password, sm->key[0], sm->key_len[0]); @@ -1406,6 +1409,9 @@ int wps_dev_init(void) return ESP_OK; _out: + if (!dev) { + return ret; + } if (dev->manufacturer) { os_free(dev->manufacturer); } @@ -1594,7 +1600,7 @@ wifi_station_wps_init(void) gWpsSm = (struct wps_sm *)os_zalloc(sizeof(struct wps_sm)); /* alloc Wps_sm */ if (!gWpsSm) { - goto _err; + goto _out; } sm = gWpsSm; @@ -1680,10 +1686,8 @@ _err: wps_deinit(); sm->wps = NULL; } - if (sm) { - os_free(gWpsSm); - gWpsSm = NULL; - } + os_free(gWpsSm); + gWpsSm = NULL; return ESP_FAIL; _out: return ESP_FAIL; @@ -1736,10 +1740,8 @@ wifi_station_wps_deinit(void) wps_deinit(); sm->wps = NULL; } - if (sm) { - os_free(gWpsSm); - gWpsSm = NULL; - } + os_free(gWpsSm); + gWpsSm = NULL; return ESP_OK; } 
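Review bot: In wps_finish (`@@ -997`) the copies `os_memcpy(config->sta.ssid, sm->ssid[0], sm->ssid_len[0])` and `os_memcpy(config->sta.password, sm->key[0], sm->key_len[0])` use lengths that appear to come from the received credential, and no bound against the destination fields is visible in this hunk. Unless those lengths are clamped where the credential is stored (outside this diff), add `if (sm->ssid_len[0] > sizeof(config->sta.ssid) || sm->key_len[0] > sizeof(config->sta.password)) { os_free(config); return ESP_FAIL; }` before the copies. The `os_memset(config, 0x00, sizeof(wifi_sta_config_t))` right after `os_zalloc()` is redundant and sized by a different type than the allocation.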
@@ -1977,7 +1979,7 @@ int wps_task_init(void) } os_bzero(s_wps_sig_cnt, SIG_WPS_NUM); - s_wps_queue = xQueueCreate(SIG_WPS_NUM, sizeof( void * ) ); + s_wps_queue = xQueueCreate(SIG_WPS_NUM, sizeof(s_wps_queue) ); if (!s_wps_queue) { wpa_printf(MSG_ERROR, "wps task init: failed to alloc queue"); goto _wps_no_mem; diff --git a/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c b/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c index 341905f7ab..1a4585b6b6 100644 --- a/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c +++ b/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c @@ -513,7 +513,10 @@ pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry, .dispatch_method = ESP_TIMER_TASK, .name = "pmksa_timeout_timer" }; - esp_timer_create(&pmksa_cache_timeout_timer_create, &(pmksa->cache_timeout_timer)); + if (esp_timer_create(&pmksa_cache_timeout_timer_create, &(pmksa->cache_timeout_timer)) != ESP_OK) { + os_free(pmksa); + pmksa = NULL; + } } return pmksa; diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index ceae0cc86f..f2de646141 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -2197,7 +2197,9 @@ wpa_set_passphrase(char * passphrase, u8 *ssid, size_t ssid_len) if (esp_wifi_sta_get_reset_param_internal() != 0) { // check it's psk if (strlen((char *)esp_wifi_sta_get_prof_password_internal()) == 64) { - hexstr2bin((char *)esp_wifi_sta_get_prof_password_internal(), esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN); + if (hexstr2bin((char *)esp_wifi_sta_get_prof_password_internal(), esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN) != 0) { + return; + } } else { pbkdf2_sha1((char *)esp_wifi_sta_get_prof_password_internal(), (char *)sta_ssid->ssid, (size_t)sta_ssid->len, 4096, esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN); 
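Review bot: When `hexstr2bin()` rejects the stored 64-character value, wpa_set_passphrase now returns without logging anything, and the PMK buffer returned by `esp_wifi_sta_get_ap_info_prof_pmk_internal()` may already be partly overwritten. A `wpa_printf(MSG_ERROR, "Invalid PSK hex string");` before the `return` would make the failure diagnosable. The `pbkdf2_sha1()` call in the `else` branch still has its result ignored, so the two branches treat a derivation failure differently.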
diff --git a/components/wpa_supplicant/src/tls/libtommath.h b/components/wpa_supplicant/src/tls/libtommath.h index 07574de7fc..ee3f1dc4f6 100644 --- a/components/wpa_supplicant/src/tls/libtommath.h +++ b/components/wpa_supplicant/src/tls/libtommath.h @@ -1653,7 +1653,7 @@ mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d) } /* init our temps */ - if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL) != MP_OKAY)) { + if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL)) != MP_OKAY) { return res; } diff --git a/components/wpa_supplicant/src/utils/wpabuf.c b/components/wpa_supplicant/src/utils/wpabuf.c index a4de3a5049..17ebdafc5f 100644 --- a/components/wpa_supplicant/src/utils/wpabuf.c +++ b/components/wpa_supplicant/src/utils/wpabuf.c @@ -1,6 +1,6 @@ /* * Dynamic data buffer - * Copyright (c) 2007-2009, Jouni Malinen + * Copyright (c) 2007-2012, Jouni Malinen * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -72,12 +72,12 @@ int wpabuf_resize(struct wpabuf **_buf, size_t add_len) if (buf->used + add_len > buf->size) { unsigned char *nbuf; - if (buf->ext_data) { - nbuf = (unsigned char*)os_realloc(buf->ext_data, buf->used + add_len); + if (buf->flags & WPABUF_FLAG_EXT_DATA) { + nbuf = os_realloc(buf->buf, buf->used + add_len); if (nbuf == NULL) return -1; memset(nbuf + buf->used, 0, add_len); - buf->ext_data = nbuf; + buf->buf = nbuf; } else { #ifdef WPA_TRACE nbuf = os_realloc(trace, sizeof(struct wpabuf_trace) + @@ -99,6 +99,7 @@ int wpabuf_resize(struct wpabuf **_buf, size_t add_len) memset(nbuf + sizeof(struct wpabuf) + buf->used, 0, add_len); #endif /* WPA_TRACE */ + buf->buf = (u8 *) (buf + 1); *_buf = buf; } buf->size = buf->used + add_len; @@ -130,6 +131,7 @@ struct wpabuf * wpabuf_alloc(size_t len) #endif /* WPA_TRACE */ buf->size = len; + buf->buf = (u8 *) (buf + 1); return buf; } 
@@ -151,7 +153,8 @@ struct wpabuf * wpabuf_alloc_ext_data(u8 *data, size_t len) buf->size = len; buf->used = len; - buf->ext_data = data; + buf->buf = data; + buf->flags |= WPABUF_FLAG_EXT_DATA; return buf; } @@ -191,12 +194,14 @@ void wpabuf_free(struct wpabuf *buf) trace->magic); abort(); } - os_free(buf->ext_data); + if (buf->flags & WPABUF_FLAG_EXT_DATA) + os_free(buf->buf); os_free(trace); #else /* WPA_TRACE */ if (buf == NULL) return; - os_free(buf->ext_data); + if (buf->flags & WPABUF_FLAG_EXT_DATA) + os_free(buf->buf); os_free(buf); #endif /* WPA_TRACE */ } diff --git a/components/wpa_supplicant/src/wps/wps.c b/components/wpa_supplicant/src/wps/wps.c index 48b9135843..c505a02031 100644 --- a/components/wpa_supplicant/src/wps/wps.c +++ b/components/wpa_supplicant/src/wps/wps.c @@ -71,6 +71,9 @@ int wps_is_selected_pbc_registrar(const struct wpabuf *msg) { struct wps_parse_attr *attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); + if (!attr) + return 0; + /* * In theory, this could also verify that attr.sel_reg_config_methods * includes WPS_CONFIG_PUSHBUTTON, but some deployed AP implementations diff --git a/components/wpa_supplicant/src/wps/wps_registrar.c b/components/wpa_supplicant/src/wps/wps_registrar.c index 3d22a5eb5c..677a6510a5 100644 --- a/components/wpa_supplicant/src/wps/wps_registrar.c +++ b/components/wpa_supplicant/src/wps/wps_registrar.c @@ -1652,7 +1652,7 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg) os_memcpy(wps->cred.key, wps->new_psk, wps->new_psk_len); // NOLINT(clang-analyzer-unix.Malloc) wps->cred.key_len = wps->new_psk_len; } else if (wps->use_psk_key && wps->wps->psk_set) { - char hex[65]; + char hex[65] = {0}; wpa_printf(MSG_DEBUG, "WPS: Use PSK format for Network Key"); os_memcpy(wps->cred.key, hex, 32 * 2); wps->cred.key_len = 32 * 2; diff --git a/components/wpa_supplicant/test/test_sae.c b/components/wpa_supplicant/test/test_sae.c index 52ac9d9320..3f4aff6628 100644 
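Review bot: `char hex[65] = {0};` in wps_build_cred removes the uninitialised read, but nothing between the declaration and `os_memcpy(wps->cred.key, hex, 32 * 2)` in this hunk writes the PSK into `hex`, so the Network Key placed in the credential is 64 zero bytes rather than the hex-encoded PSK. Assuming this port keeps a `psk` field next to the `psk_set` flag tested above, the buffer should be filled first with `wpa_snprintf_hex(hex, sizeof(hex), wps->wps->psk, 32);`. Once copied, `hex` should be cleared with `forced_memzero(hex, sizeof(hex));`.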
--- a/components/wpa_supplicant/test/test_sae.c +++ b/components/wpa_supplicant/test/test_sae.c @@ -1,16 +1,8 @@ -// Copyright 2015-2018 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #ifdef CONFIG_WPA3_SAE @@ -34,6 +26,7 @@ static struct wpabuf *wpabuf_alloc2(size_t len) if (buf == NULL) return NULL; buf->size = len; + buf->buf = (u8 *)(buf+1); return buf; } @@ -45,7 +38,6 @@ void wpabuf_free2(struct wpabuf *buf) { if (buf == NULL) return; - os_free(buf->ext_data); os_free(buf); }