Skip to content

Commit 534fce5

Browse files
kapilkedawatkapilkedawat
committed
fix(esp_wifi): fixed Stack corruption in DPP task
1 parent e48122f commit 534fce5

File tree

1 file changed

+9
-19
lines changed
  • components/wpa_supplicant/esp_supplicant/src

1 file changed

+9
-19
lines changed

components/wpa_supplicant/esp_supplicant/src/esp_dpp.c

Lines changed: 9 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -42,15 +42,11 @@ struct action_rx_param {
4242

4343
esp_err_t esp_dpp_post_evt(uint32_t evt_id, uint32_t data)
4444
{
45-
dpp_event_t *evt = os_zalloc(sizeof(dpp_event_t));
45+
dpp_event_t evt;
4646
esp_err_t ret = ESP_OK;
4747

48-
if (evt == NULL) {
49-
ret = ESP_ERR_NO_MEM;
50-
goto end;
51-
}
52-
evt->id = evt_id;
53-
evt->data = data;
48+
evt.id = evt_id;
49+
evt.data = data;
5450
if (s_dpp_api_lock) {
5551
DPP_API_LOCK();
5652
} else {
@@ -69,9 +65,6 @@ esp_err_t esp_dpp_post_evt(uint32_t evt_id, uint32_t data)
6965

7066
return ret;
7167
end:
72-
if (evt) {
73-
os_free(evt);
74-
}
7568
wpa_printf(MSG_ERROR, "DPP: Failed to send event %d to DPP task", evt_id);
7669
return ret;
7770
}
@@ -518,17 +511,16 @@ static esp_err_t esp_dpp_rx_action(struct action_rx_param *rx_param)
518511

519512
static void esp_dpp_task(void *pvParameters)
520513
{
521-
dpp_event_t *evt;
514+
dpp_event_t evt;
522515
bool task_del = false;
523516

524517
for (;;) {
525518
if (os_queue_recv(s_dpp_evt_queue, &evt, OS_BLOCK) == TRUE) {
526-
if (evt->id >= SIG_DPP_MAX) {
527-
os_free(evt);
519+
if (evt.id >= SIG_DPP_MAX) {
528520
continue;
529521
}
530522

531-
switch (evt->id) {
523+
switch (evt.id) {
532524
case SIG_DPP_DEL_TASK:
533525
struct dpp_bootstrap_params_t *params = &s_dpp_ctx.bootstrap_params;
534526
eloop_cancel_timeout(esp_dpp_auth_conf_wait_timeout, NULL, NULL);
@@ -549,7 +541,7 @@ static void esp_dpp_task(void *pvParameters)
549541
break;
550542

551543
case SIG_DPP_BOOTSTRAP_GEN: {
552-
char *command = (char *)evt->data;
544+
char *command = (char *)evt.data;
553545
const char *uri;
554546

555547
s_dpp_ctx.id = dpp_bootstrap_gen(s_dpp_ctx.dpp_global, command);
@@ -561,7 +553,7 @@ static void esp_dpp_task(void *pvParameters)
561553
break;
562554

563555
case SIG_DPP_RX_ACTION: {
564-
esp_dpp_rx_action((struct action_rx_param *)evt->data);
556+
esp_dpp_rx_action((struct action_rx_param *)evt.data);
565557
}
566558
break;
567559

@@ -588,7 +580,7 @@ static void esp_dpp_task(void *pvParameters)
588580
break;
589581

590582
case SIG_DPP_START_NET_INTRO: {
591-
esp_dpp_start_net_intro_protocol((uint8_t*)evt->data);
583+
esp_dpp_start_net_intro_protocol((uint8_t*)evt.data);
592584
}
593585
break;
594586

@@ -605,8 +597,6 @@ static void esp_dpp_task(void *pvParameters)
605597
break;
606598
}
607599

608-
os_free(evt);
609-
610600
if (task_del) {
611601
break;
612602
}

0 commit comments

Comments
 (0)