From 9127a8fb2550f587e942730e322b0b83f8754214 Mon Sep 17 00:00:00 2001
From: Shreyas Sheth
Date: Mon, 1 Jan 2024 13:34:31 +0530
Subject: [PATCH] fix(wifi): Fix wpa3 crash for station added without sta lock
---
 components/esp_wifi/lib | 2 +-
 .../esp_supplicant/src/esp_hostap.c | 35 +++++----
 .../esp_supplicant/src/esp_wpa3.c | 6 +-
 .../esp_supplicant/src/esp_wpa_main.c | 74 +++++++++++--------
 components/wpa_supplicant/src/ap/sta_info.c | 1 +
 5 files changed, 66 insertions(+), 52 deletions(-)
diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
index 6a63417673..47abfa88c7 160000
--- a/components/esp_wifi/lib
+++ b/components/esp_wifi/lib
@@ -1 +1 @@
-Subproject commit 6a6341767335b5f1927d1628f3e256a2d21281e2
+Subproject commit 47abfa88c74aae92d3f0383d56d7c6805159903d
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
index 3aae31d5fd..d9585c9f53 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -59,10 +59,7 @@ void *hostap_init(void)
 auth_conf = (struct wpa_auth_config *)os_zalloc(sizeof(struct wpa_auth_config));
 if (auth_conf == NULL) {
- os_free(hapd->conf);
- os_free(hapd);
- hapd = NULL;
- return NULL;
+ goto fail;
 }
 hapd->conf->sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_AP);
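Review bot: The `goto fail` added for the `auth_conf == NULL` case in `hostap_init` lands on cleanup that reads `hapd->conf->ssid.wpa_passphrase` (the `fail:` label in the last esp_hostap.c hunk), so it is only safe if `hapd->conf` was zero-allocated and no earlier exit jumps there with `hapd` or `hapd->conf` unset. Those allocations sit above the hunk and are not visible here, so this is worth confirming. A comment at the label would record the dependency, for example `/* fail: hapd and hapd->conf must be zero-allocated; auth_conf and wpa_passphrase may still be NULL */`. The NULL tests around the two `os_free` calls at the label can go if `os_free` accepts NULL the way `free` does.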
@@ -145,23 +142,14 @@ void *hostap_init(void) hapd->conf->wpa_key_mgmt = auth_conf->wpa_key_mgmt; hapd->conf->ssid.wpa_passphrase = (char *)os_zalloc(WIFI_PASSWORD_LEN_MAX); if (hapd->conf->ssid.wpa_passphrase == NULL) { - os_free(auth_conf); - os_free(hapd->conf); - os_free(hapd); - hapd = NULL; - return NULL; + goto fail; } #ifdef CONFIG_SAE if (authmode == WIFI_AUTH_WPA3_PSK || authmode == WIFI_AUTH_WPA2_WPA3_PSK) { if (wpa3_hostap_auth_init(hapd) != 0) { - os_free(hapd->conf->ssid.wpa_passphrase); - os_free(auth_conf); - os_free(hapd->conf); - os_free(hapd); - hapd = NULL; - return NULL; + goto fail; } } #endif /* CONFIG_SAE */ @@ -176,11 +164,26 @@ void *hostap_init(void) esp_wifi_get_macaddr_internal(WIFI_IF_AP, hapd->own_addr); hapd->wpa_auth = wpa_init(hapd->own_addr, auth_conf, NULL); + if (hapd->wpa_auth == NULL) { + goto fail; + } + esp_wifi_set_appie_internal(WIFI_APPIE_WPA, hapd->wpa_auth->wpa_ie, (uint16_t)hapd->wpa_auth->wpa_ie_len, 0); os_free(auth_conf); global_hapd = hapd; return (void *)hapd; +fail: + if (hapd->conf->ssid.wpa_passphrase != NULL) { + os_free(hapd->conf->ssid.wpa_passphrase); + } + if (auth_conf != NULL) { + os_free(auth_conf); + } + os_free(hapd->conf); + os_free(hapd); + hapd = NULL; + return NULL; } void hostapd_cleanup(struct hostapd_data *hapd) diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c index 063ed705b6..a0e7ba4d16 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ 
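Review bot: `hapd->conf->ssid.wpa_passphrase`, allocated in this hunk, is released on the shared `fail:` path with a plain `os_free`, so a failure that happens after the SoftAP password has been copied in leaves the secret readable in freed heap. The copy is presumably between this hunk and the `wpa_init` call, outside the visible lines. Clearing the buffer ahead of the free avoids that, for example `forced_memzero(hapd->conf->ssid.wpa_passphrase, WIFI_PASSWORD_LEN_MAX);` before `os_free(hapd->conf->ssid.wpa_passphrase);` at the label, provided that helper is built in this port. The removed error path had the same gap, so the normal teardown is worth checking for it as well.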
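Review bot: The new `wpa_init` failure branch jumps to `fail:` after `wpa3_hostap_auth_init(hapd)` may already have succeeded, and the label frees `hapd` without undoing that init. If the WPA3 init creates a task, queue or lock that refers to `hapd` (its body is not on this page), those objects would be left behind pointing at freed memory. The label should run the matching teardown before `os_free(hapd)` when the init ran, or carry a comment such as `/* wpa3_hostap_auth_init() keeps no reference to hapd, nothing to undo */` if that is the case. `hostap_init` begins above the hunk, so other state set up before `wpa_init` may need the same treatment.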
@@ -421,10 +421,6 @@ static void wpa3_process_rx_commit(wpa3_hostap_auth_event_t *evt) } } - if (!sta->lock) { - sta->lock = os_semphr_create(1, 1); - } - if (sta->lock && os_semphr_take(sta->lock, 0)) { sta->sae_commit_processing = true; ret = handle_auth_sae(hapd, sta, frm->msg, frm->len, frm->bssid, frm->auth_transaction, frm->status); diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c index 02f2805fc6..c977119922 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ 
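Review bot: With the lazy `os_semphr_create` removed, a station whose lock could not be created stays without one, and the `if (sta->lock && os_semphr_take(sta->lock, 0))` guard in `wpa3_process_rx_commit` then skips every SAE commit for it with no log line in the visible code. Creation now happens only in `ap_sta_add` (sta_info.c hunk), where the result of `os_semphr_create(1, 1)` is not checked, and `hostap_sta_join` (esp_wpa_main.c hunk) treats a NULL lock as "no locking needed". Checking at creation keeps the failure visible, for example `if (!sta->lock) { wpa_printf(MSG_ERROR, "failed to create sta lock"); }` followed by whatever cleanup `ap_sta_add` uses for its other failures. The rest of `wpa3_process_rx_commit` is outside the hunk, so an `else` that already reports the skipped commit may exist.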
@@ -348,52 +348,66 @@ static bool hostap_sta_join(void **sta, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len,u8
 goto fail;
 }
- if (*sta && !esp_wifi_ap_is_sta_sae_reauth_node(bssid)) {
- ap_free_sta(hapd, *sta);
- }
-
- sta_info = ap_sta_add(hapd, bssid);
- if (!sta_info) {
- wpa_printf(MSG_ERROR, "failed to add station " MACSTR, MAC2STR(bssid));
- goto fail;
- }
-
+ if (*sta) {
+ struct sta_info *old_sta = *sta;
 #ifdef CONFIG_SAE
- if (sta_info->lock && os_semphr_take(sta_info->lock, 0) != TRUE) {
- wpa_printf(MSG_INFO, "Ignore assoc request as softap is busy with sae calculation for station "MACSTR, MAC2STR(bssid));
- if (esp_send_assoc_resp(hapd, sta_info, bssid, WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY, rsnxe ? false : true, subtype) != WLAN_STATUS_SUCCESS) {
+ if (old_sta->lock && os_semphr_take(old_sta->lock, 0) != TRUE) {
+ wpa_printf(MSG_INFO, "Ignore assoc request as softap is busy with sae calculation for station "MACSTR, MAC2STR(bssid));
+ if (esp_send_assoc_resp(hapd, old_sta, bssid, WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY, rsnxe ? false : true, subtype) != WLAN_STATUS_SUCCESS) {
+ goto fail;
+ }
+ return false;
+ }
+#endif /* CONFIG_SAE */
+ if (!esp_wifi_ap_is_sta_sae_reauth_node(bssid)) {
+ ap_free_sta(hapd, old_sta);
+ }
+ }
+
+ sta_info = ap_get_sta(hapd, bssid);
+ if (!sta_info) {
+ sta_info = ap_sta_add(hapd,bssid);
+ if (!sta_info) {
+ wpa_printf(MSG_ERROR, "failed to add station " MACSTR, MAC2STR(bssid));
 goto fail;
 }
- return false;
- }
+#ifdef CONFIG_SAE
+ if (sta_info->lock) {
+ os_semphr_take(sta_info->lock, 0);
+ }
 #endif /* CONFIG_SAE */
+ }
 #ifdef CONFIG_WPS_REGISTRAR
 if (check_n_add_wps_sta(hapd, sta_info, wpa_ie, wpa_ie_len, pmf_enable, subtype) == 0) {
 if (sta_info->eapol_sm) {
- *sta = sta_info;
-#ifdef CONFIG_SAE
- if (sta_info->lock) {
- os_semphr_give(sta_info->lock);
- }
-#endif /* CONFIG_SAE */
- return true;
+ goto done;
 }
 } else {
 goto fail;
 }
 #endif
 if (wpa_ap_join(sta_info, bssid, wpa_ie, wpa_ie_len, rsnxe, rsnxe_len, pmf_enable, subtype)) {
- *sta = sta_info;
-#ifdef CONFIG_SAE
- if (sta_info->lock) {
- os_semphr_give(sta_info->lock);
- }
-#endif /* CONFIG_SAE */
- return true;
+ goto done;
+ } else {
+ goto fail;
 }
+done:
+ *sta = sta_info;
+#ifdef CONFIG_SAE
+ if (sta_info->lock) {
+ os_semphr_give(sta_info->lock);
+ }
+#endif /* CONFIG_SAE */
+ return true;
 fail:
+
+#ifdef CONFIG_SAE
+ if (sta_info && sta_info->lock) {
+ os_semphr_give(sta_info->lock);
+ }
+#endif /* CONFIG_SAE */
 esp_wifi_ap_deauth_internal(bssid, WLAN_REASON_PREV_AUTH_NOT_VALID);
 return false;
 }
diff --git a/components/wpa_supplicant/src/ap/sta_info.c b/components/wpa_supplicant/src/ap/sta_info.c
index 515179d69a..66e856ebee 100644
--- a/components/wpa_supplicant/src/ap/sta_info.c
+++ b/components/wpa_supplicant/src/ap/sta_info.c
@@ -175,6 +175,7 @@ struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
 #ifdef CONFIG_SAE
 sta->sae_commit_processing = false;
 sta->remove_pending = false;
+ sta->lock = os_semphr_create(1, 1);
 #endif /* CONFIG_SAE */
 return sta;
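Review bot: `done:` and `fail:` in `hostap_sta_join` give `sta_info->lock` whenever it is non-NULL, but when `*sta` is NULL and `ap_get_sta` returns an existing entry this call never took the lock and ran no busy check, so the give can release the semaphore while the SAE task holds it for a commit. The take should cover looked-up entries too, with the same temporary-reject answer when it fails, and the exits should give only what this call took. One way is to keep `struct sta_info *locked_sta = NULL;` beside `sta_info`, point it at the entry after each successful `os_semphr_take`, and use `if (locked_sta) { os_semphr_give(locked_sta->lock); }` at both labels. After `ap_free_sta(hapd, old_sta)` the pointer needs resetting to NULL, assuming that call disposes of the old entry and its lock (not visible here). `hostap_sta_join` begins above the hunk, so the declaration of `sta_info` and the earlier `goto fail` sites are outside what is shown.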