Merge branch 'bugfix/minor_enterprise_fixes_v4.4' into 'release/v4.4'

Drop Eapol msg if EAP success is not processed (Backport v4.4)

See merge request espressif/esp-idf!25068

components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -37,6 +37,7 @@
 #include "esp_wifi_driver.h"
 #include "esp_private/wifi.h"
 #include "esp_wpa_err.h"
+#include "esp_wpa2_i.h"
 
 #define WPA2_VERSION    "v2.0"
 
@@ -64,6 +65,7 @@ static int wpa2_start_eapol_internal(void);
 int wpa2_post(uint32_t sig, uint32_t par);
 
 #ifdef USE_WPA2_TASK
+#define WPA2_TASK_PRIORITY 7
 static TaskHandle_t s_wpa2_task_hdl = NULL;
 static void *s_wpa2_queue = NULL;
 static wpa2_state_t s_wpa2_state = WPA2_STATE_DISABLED;
@@ -116,6 +118,15 @@ static void wpa2_set_eap_state(wpa2_ent_eap_state_t state)
     esp_wifi_set_wpa2_ent_state_internal(state);
 }
 
+wpa2_ent_eap_state_t wpa2_get_eap_state(void)
+{
+    if (!gEapSm) {
+        return WPA2_ENT_EAP_STATE_NOT_START;
+    }
+
+    return gEapSm->finish_state;
+}
+
 static inline void wpa2_task_delete(void *arg)
 {
     void *my_task_hdl = xTaskGetCurrentTaskHandle();
@@ -793,7 +804,7 @@ static int eap_peer_sm_init(void)
     gEapSm = sm;
 #ifdef USE_WPA2_TASK
     s_wpa2_queue = xQueueCreate(SIG_WPA2_MAX, sizeof(s_wpa2_queue));
-    ret = xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, &s_wpa2_task_hdl);
+    ret = xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, WPA2_TASK_PRIORITY, &s_wpa2_task_hdl);
     if (ret != pdPASS) {
         wpa_printf(MSG_ERROR, "wps enable: failed to create task");
         ret = ESP_FAIL;
@@ -806,7 +817,7 @@ static int eap_peer_sm_init(void)
         goto _err;
     }
 
-    wpa_printf(MSG_INFO, "wpa2_task prio:%d, stack:%d\n", 2, WPA2_TASK_STACK_SIZE);
+    wpa_printf(MSG_INFO, "wpa2_task prio:%d, stack:%d\n", WPA2_TASK_PRIORITY, WPA2_TASK_STACK_SIZE);
 #endif
     return ESP_OK;
 

components/wpa_supplicant/esp_supplicant/src/esp_wpa2_i.h

@@ -0,0 +1,14 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef ESP_WPA2_I_H
+#define ESP_WPA2_I_H
+
+#include "esp_wifi_driver.h"
+
+wpa2_ent_eap_state_t wpa2_get_eap_state(void);
+
+#endif

components/wpa_supplicant/src/rsn_supp/wpa.c

@@ -30,6 +30,7 @@
 #include "crypto/ccmp.h"
 #include "esp_rom_sys.h"
 #include "esp_common_i.h"
+#include "esp_wpa2_i.h"
 
 /**
  * eapol_sm_notify_eap_success - Notification of external EAP success trigger
@@ -517,7 +518,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
         if (buf) {
             wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
                       buf, buflen);
-            os_free(buf);
+            wpa_sm_free_eapol(buf);
             return -2;
         }
 
@@ -624,6 +625,15 @@ void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
     u8 *kde, *kde_buf = NULL;
     size_t kde_len;
 
+    if (is_wpa2_enterprise_connection()) {
+        wpa2_ent_eap_state_t state = wpa2_get_eap_state();
+        if (state == WPA2_ENT_EAP_STATE_IN_PROGRESS) {
+            wpa_printf(MSG_INFO, "EAP Success has not been processed yet."
+               " Drop EAPOL message.");
+            return;
+        }
+    }
+
     wpa_sm_set_state(WPA_FIRST_HALF_4WAY_HANDSHAKE);
 
     wpa_printf(MSG_DEBUG, "WPA 1/4-Way Handshake\n");