From 88cbcf469674e957325ea1db6bad572c09971a68 Mon Sep 17 00:00:00 2001
From: Shreyas Sheth <shreyas.sheth@espressif.com>
Date: Mon, 5 Jun 2023 10:45:27 +0530
Subject: [PATCH] fix(wifi): Bugfix ignore immediate assoc req received by AP

1) Ignore immediate assoc req received from the station while we are
processing the older one
2) Create station mutex (sta->lock) only for stations connecting with wpa3
security
3) Fix regression caused by 4cb4faa9
---
 components/esp_wifi/lib                       |  2 +-
 .../esp_supplicant/src/esp_hostap.c           |  1 +
 .../esp_supplicant/src/esp_wpa3.c             | 15 +++++++++----
 .../esp_supplicant/src/esp_wpa_main.c         | 22 +++++++++++++++++--
 components/wpa_supplicant/src/ap/ieee802_11.c |  3 +--
 components/wpa_supplicant/src/ap/sta_info.c   |  1 -
 components/wpa_supplicant/src/ap/wpa_auth.c   |  9 ++++----
 7 files changed, 39 insertions(+), 14 deletions(-)

diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
index e3e15870cb..17154abee3 160000
--- a/components/esp_wifi/lib
+++ b/components/esp_wifi/lib
@@ -1 +1 @@
-Subproject commit e3e15870cb5d199a59867f66dd236e0d9ff5a127
+Subproject commit 17154abee3b1a109e9b0fed2a5bd4c47aba09755
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
index 481be139e7..3aae31d5fd 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
@@ -233,6 +233,7 @@ bool hostap_deinit(void *data)
         return true;
     }
     esp_wifi_unset_appie_internal(WIFI_APPIE_WPA);
+    esp_wifi_unset_appie_internal(WIFI_APPIE_ASSOC_RESP);
 
 #ifdef CONFIG_SAE
     wpa3_hostap_auth_deinit();
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
index 7fcafba72e..183c69a1cd 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
@@ -410,6 +410,11 @@ static void wpa3_process_rx_commit(wpa3_hostap_auth_event_t *evt)
             goto free;
         }
     }
+
+    if (!sta->lock) {
+        sta->lock = os_semphr_create(1, 1);
+    }
+
     if (sta->lock && os_semphr_take(sta->lock, 0)) {
         sta->sae_commit_processing = true;
         ret = handle_auth_sae(hapd, sta, frm->msg, frm->len, frm->bssid, frm->auth_transaction, frm->status);
@@ -423,9 +428,10 @@ static void wpa3_process_rx_commit(wpa3_hostap_auth_event_t *evt)
         uint16_t aid = 0;
         if (ret != WLAN_STATUS_SUCCESS &&
             ret != WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ) {
-            if (esp_wifi_ap_get_sta_aid(frm->bssid, &aid) == ESP_OK && aid == 0) {
+            esp_wifi_ap_get_sta_aid(frm->bssid, &aid);
+            if (aid == 0) {
                 esp_wifi_ap_deauth_internal(frm->bssid, ret);
-             }
+            }
         }
     }
 
@@ -463,8 +469,9 @@ static void wpa3_process_rx_confirm(wpa3_hostap_auth_event_t *evt)
         }
         os_semphr_give(sta->lock);
         if (ret != WLAN_STATUS_SUCCESS) {
-            uint16_t aid = -1;
-            if (esp_wifi_ap_get_sta_aid(frm->bssid, &aid) == ESP_OK && aid == 0) {
+            uint16_t aid = 0;
+            esp_wifi_ap_get_sta_aid(frm->bssid, &aid);
+            if (aid == 0) {
                 esp_wifi_ap_deauth_internal(frm->bssid, ret);
             }
         }
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c
index 36b2b44b93..9b9fb55ceb 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c
@@ -304,18 +304,31 @@ static bool hostap_sta_join(void **sta, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len,u8
     }
 
     if (*sta && !esp_wifi_ap_is_sta_sae_reauth_node(bssid)) {
-       ap_free_sta(hapd, *sta);
+        ap_free_sta(hapd, *sta);
     }
 
     sta_info = ap_sta_add(hapd, bssid);
     if (!sta_info) {
         wpa_printf(MSG_ERROR, "failed to add station " MACSTR, MAC2STR(bssid));
-        goto fail;
+        return false;
     }
+
+#ifdef CONFIG_SAE
+    if (sta_info->lock && os_semphr_take(sta_info->lock, 0) != TRUE) {
+        wpa_printf(MSG_INFO, "Ignore assoc request as softap is busy with sae calculation for station "MACSTR, MAC2STR(bssid));
+        return false;
+    }
+#endif /* CONFIG_SAE */
+
 #ifdef CONFIG_WPS_REGISTRAR
     if (check_n_add_wps_sta(hapd, sta_info, wpa_ie, wpa_ie_len, pmf_enable, subtype) == 0) {
         if (sta_info->eapol_sm) {
             *sta = sta_info;
+#ifdef CONFIG_SAE
+            if (sta_info->lock) {
+                os_semphr_give(sta_info->lock);
+            }
+#endif /* CONFIG_SAE */
             return true;
         }
     } else {
@@ -324,6 +337,11 @@ static bool hostap_sta_join(void **sta, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len,u8
 #endif
     if (wpa_ap_join(sta_info, bssid, wpa_ie, wpa_ie_len, rsnxe, rsnxe_len, pmf_enable, subtype)) {
         *sta = sta_info;
+#ifdef CONFIG_SAE
+        if (sta_info->lock) {
+            os_semphr_give(sta_info->lock);
+        }
+#endif /* CONFIG_SAE */
         return true;
     }
 
diff --git a/components/wpa_supplicant/src/ap/ieee802_11.c b/components/wpa_supplicant/src/ap/ieee802_11.c
index 2b2b2c09a2..e8dbc7f067 100644
--- a/components/wpa_supplicant/src/ap/ieee802_11.c
+++ b/components/wpa_supplicant/src/ap/ieee802_11.c
@@ -559,7 +559,7 @@ int handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
        }
 
        if (sae_check_confirm(sta->sae, buf, len) < 0) {
-           resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+           resp = WLAN_STATUS_CHALLENGE_FAIL;
            goto reply;
        }
        sta->sae->rc = peer_send_confirm;
@@ -569,7 +569,6 @@ int handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
     } else {
         wpa_printf(MSG_ERROR, "unexpected SAE authentication transaction %u (status=%u )", auth_transaction, status);
         if (status != WLAN_STATUS_SUCCESS) {
-            resp = -1;
             goto remove_sta;
         }
         resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
diff --git a/components/wpa_supplicant/src/ap/sta_info.c b/components/wpa_supplicant/src/ap/sta_info.c
index 66e856ebee..515179d69a 100644
--- a/components/wpa_supplicant/src/ap/sta_info.c
+++ b/components/wpa_supplicant/src/ap/sta_info.c
@@ -175,7 +175,6 @@ struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
 #ifdef CONFIG_SAE
 	sta->sae_commit_processing = false;
 	sta->remove_pending = false;
-	sta->lock = os_semphr_create(1, 1);
 #endif /* CONFIG_SAE */
 
 	return sta;
diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c
index 9b2680c8c1..5b0b4ae901 100644
--- a/components/wpa_supplicant/src/ap/wpa_auth.c
+++ b/components/wpa_supplicant/src/ap/wpa_auth.c
@@ -488,6 +488,7 @@ static void wpa_free_sta_sm(struct wpa_state_machine *sm)
     wpa_printf( MSG_DEBUG, "wpa_free_sta_sm: free eapol=%p\n", sm->last_rx_eapol_key);
     os_free(sm->last_rx_eapol_key);
     os_free(sm->wpa_ie);
+    os_free(sm->rsnxe);
     os_free(sm);
 }
 
@@ -2635,7 +2636,7 @@ bool wpa_ap_remove(u8* bssid)
         } else {
             sta->remove_pending = true;
         }
-	return true;
+        return true;
     }
 #endif /* CONFIG_SAE */
 
@@ -2644,10 +2645,10 @@ bool wpa_ap_remove(u8* bssid)
     if (wps_get_status() == WPS_STATUS_PENDING) {
         u8 *addr = os_malloc(ETH_ALEN);
 
-	if (!addr) {
+        if (!addr) {
             return false;
-	}
-	os_memcpy(addr, sta->addr, ETH_ALEN);
+        }
+        os_memcpy(addr, sta->addr, ETH_ALEN);
         eloop_register_timeout(0, 10000, ap_free_sta_timeout, hapd, addr);
     } else
 #endif