diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c
index 063f148928..92d348b449 100644
--- a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c
+++ b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c
@@ -598,6 +598,7 @@ wps_parse_scan_result(struct wps_scan_ie *scan)
 for (count = 0; count < WPS_MAX_DIS_AP_NUM; count++) {
 if (os_memcmp(sm->dis_ap_list[count].bssid, scan->bssid, ETH_ALEN) == 0) {
 wpa_printf(MSG_INFO, "discard ap bssid "MACSTR, MAC2STR(scan->bssid));
+ wpabuf_free(buf);
 return false;
 }
 }
@@ -606,6 +607,9 @@ wps_parse_scan_result(struct wps_scan_ie *scan)
 if (ap_found || sm->wps_pin_war) {
 wpabuf_free(buf);
+ if (scan->ssid[1] > SSID_MAX_LEN) {
+ return false;
+ }
 esp_wifi_enable_sta_privacy_internal();
 os_memset(sm->config.ssid, 0, sizeof(sm->config.ssid));
 strncpy((char *)sm->config.ssid, (char *)&scan->ssid[2], (int)scan->ssid[1]);
@@ -1683,6 +1687,9 @@ _err:
 sm->dev = NULL;
 }
 if (sm->wps_ctx) {
+ if (sm->wps_ctx->dh_privkey) {
+ wpabuf_free(sm->wps_ctx->dh_privkey);
+ }
 os_free(sm->wps_ctx);
 sm->wps_ctx = NULL;
 }
@@ -1737,6 +1744,9 @@ wifi_station_wps_deinit(void)
 sm->dev = NULL;
 }
 if (sm->wps_ctx) {
+ if (sm->wps_ctx->dh_privkey) {
+ wpabuf_free(sm->wps_ctx->dh_privkey);
+ }
 os_free(sm->wps_ctx);
 sm->wps_ctx = NULL;
 }
diff --git a/components/wpa_supplicant/src/utils/common.h b/components/wpa_supplicant/src/utils/common.h
index fb4865652f..9fc282ae52 100644
--- a/components/wpa_supplicant/src/utils/common.h
+++ b/components/wpa_supplicant/src/utils/common.h
@@ -14,6 +14,8 @@
 #include "os.h"
 #include "esp_bit_defs.h"
+#define SSID_MAX_LEN 32
+
 /* Define platform specific variable type macros */
 #if defined(ESP_PLATFORM)
 #include
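Review bot: The length guard added before the copy in wps_parse_scan_result is tied to SSID_MAX_LEN rather than to the destination, sm->config.ssid, whose size the neighbouring os_memset line takes with sizeof. Bounding against the buffer itself, `if (scan->ssid[1] > sizeof(sm->config.ssid)) {`, keeps the check correct if the two sizes ever diverge. The strncpy that follows stops at the first zero byte, and an SSID is an octet string rather than a C string, so `os_memcpy(sm->config.ssid, &scan->ssid[2], scan->ssid[1]);` would copy exactly the advertised length. The rejection is also silent; a wpa_printf on this branch would make over-long SSID elements visible in logs. The function body starts and ends outside the hunk.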
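Review bot: dh_privkey is, by its name, Diffie-Hellman private key material, and the wpabuf_free added in the _err path releases it without wiping it, so the key bytes may remain readable in freed heap. Upstream wpa_supplicant provides wpabuf_clear_free for this case; if this port has it, `wpabuf_clear_free(sm->wps_ctx->dh_privkey);` is the better call, and it needs no NULL guard because both free helpers accept NULL upstream. The same three lines are repeated in the wifi_station_wps_deinit hunk, so a small static helper that tears down wps_ctx would keep the two paths from drifting apart. Both enclosing functions start outside their hunks.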