Merge branch 'bugfix/supplicant_general_fixes' into 'master'

wpa_supplicant: Fix some memleaks and invalid memory access

Closes IDF-1335

See merge request espressif/esp-idf!8201
pull/5307/head
Jiang Jiang Jian 2020-05-12 11:03:14 +08:00
commit 5f2be35525
3 zmienionych plików z 30 dodań i 22 usunięć

Wyświetl plik

@ -759,6 +759,7 @@ static int eap_peer_sm_init(void)
if (ret) {
wpa_printf(MSG_ERROR, "eap_peer_blob_init failed\n");
os_free(sm);
vSemaphoreDelete(s_wpa2_data_lock);
return ESP_FAIL;
}
@ -767,6 +768,7 @@ static int eap_peer_sm_init(void)
wpa_printf(MSG_ERROR, "eap_peer_config_init failed\n");
eap_peer_blob_deinit(sm);
os_free(sm);
vSemaphoreDelete(s_wpa2_data_lock);
return ESP_FAIL;
}
@ -777,6 +779,7 @@ static int eap_peer_sm_init(void)
eap_peer_blob_deinit(sm);
eap_peer_config_deinit(sm);
os_free(sm);
vSemaphoreDelete(s_wpa2_data_lock);
return ESP_FAIL;
}
@ -788,6 +791,12 @@ static int eap_peer_sm_init(void)
xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, s_wpa2_task_hdl);
s_wifi_wpa2_sync_sem = xSemaphoreCreateCounting(1, 0);
if (!s_wifi_wpa2_sync_sem) {
vQueueDelete(s_wpa2_queue);
s_wpa2_queue = NULL;
eap_peer_blob_deinit(sm);
eap_peer_config_deinit(sm);
os_free(sm);
vSemaphoreDelete(s_wpa2_data_lock);
wpa_printf(MSG_ERROR, "WPA2: failed create wifi wpa2 task sync sem");
return ESP_FAIL;
}

Wyświetl plik

@ -260,42 +260,40 @@ _out:
* provisioning, -1 if wps_a is considered more like, or 0 if no preference
*/
int wps_ap_priority_compar(const struct wpabuf *wps_a,
const struct wpabuf *wps_b)
const struct wpabuf *wps_b)
{
struct wps_parse_attr *attr_a, *attr_b;
struct wps_parse_attr *attr = NULL;
int sel_a, sel_b;
int ret = 0;
int ret = 0; /* No preference */
attr_a = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
attr_b = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
attr = os_zalloc(sizeof(*attr));
if (attr_a == NULL || attr_b == NULL) {
ret = 0;
goto _out;
if (!attr)
return ret;
if (wps_a == NULL || wps_parse_msg(wps_a, attr) < 0) {
ret = 1;
goto exit;
}
sel_a = attr->selected_registrar && *(attr->selected_registrar) != 0;
if (wps_a == NULL || wps_parse_msg(wps_a, attr_a) < 0)
return 1; // NOLINT(clang-analyzer-unix.Malloc)
if (wps_b == NULL || wps_parse_msg(wps_b, attr_b) < 0)
return -1;
sel_a = attr_a->selected_registrar && *attr_a->selected_registrar != 0;
sel_b = attr_b->selected_registrar && *attr_b->selected_registrar != 0;
if (wps_b == NULL || wps_parse_msg(wps_b, attr) < 0) {
ret = -1;
goto exit;
}
sel_b = attr->selected_registrar && *(attr->selected_registrar) != 0;
if (sel_a && !sel_b) {
ret = -1;
goto _out;
goto exit;
}
if (!sel_a && sel_b) {
ret = 1;
goto _out;
goto exit;
}
_out:
if (attr_a)
os_free(attr_a);
if (attr_b)
os_free(attr_b);
exit:
os_free(attr);
return ret;
}

Wyświetl plik

@ -1640,6 +1640,7 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
if (random_get_bytes(r, sizeof(r)) < 0)
return -1;
os_free(wps->new_psk);
wps->new_psk = (u8 *)base64_encode(r, sizeof(r), &wps->new_psk_len);
if (wps->new_psk == NULL)
return -1;
wps->new_psk_len--; /* remove newline */