fix(esp_wifi): Backport some wifi fixes

- Fix incorrect allocation of eb due to rsn ie len mismatch
- Set default NVS sae pwe value to SAE_PWE_BOTH for ap and station
- Fix incorrect deauth reason parsing for station
- Fix memory corruption by avoiding unnecessary encryption of Mgmt frames

  When wpa_supplicant sends an authentication response for an already
  connected station (with keys installed after a successful 4-way
  handshake), the Mgmt packet was encrypted unconditionally based on
  'bss->pmf_enable'. This led to memory corruption since extra space for
  the encryption header was assumed even when it was not there.
  Fix this by verifying that the packet is actually a robust management
  frame before enabling the encryption.
Shreyas Sheth
2025-12-04 15:58:54 +05:30
parent 81240a49e6
commit caf4cad3b4
4 changed files with 5 additions and 5 deletions
@@ -536,7 +536,7 @@ typedef struct {
wifi_cipher_type_t pairwise_cipher; /**< Pairwise cipher of SoftAP, group cipher will be derived using this. Cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP, WIFI_CIPHER_TYPE_TKIP_CCMP, WIFI_CIPHER_TYPE_GCMP and WIFI_CIPHER_TYPE_GCMP256. */
bool ftm_responder; /**< Enable FTM Responder mode */
wifi_pmf_config_t pmf_cfg; /**< Configuration for Protected Management Frame */
wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */
wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method. Default value :2 (WPA3_SAE_PWE_BOTH) */
uint8_t transition_disable; /**< Whether to enable transition disable feature */
uint8_t sae_ext; /**< Enable SAE EXT feature. SOC_GCMP_SUPPORT is required for this feature. */
wifi_bss_max_idle_config_t bss_max_idle_cfg; /**< Configuration for bss max idle, effective if CONFIG_WIFI_BSS_MAX_IDLE_SUPPORT is enabled */
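Review bot: The new doc comment on `sae_pwe_h2e` hard-codes the numeric value 2 next to the enumerator name, and the identical comment is added again in the station-config hunk at @@ -566; a literal number cannot be checked from this hunk because `wifi_sae_pwe_method_t` is not shown, and it silently goes stale if the enum is ever reordered. Naming only the enumerator avoids that: `/**< Configuration for SAE PWE derivation method. Default: WPA3_SAE_PWE_BOTH */`. If, as the name suggests, BOTH permits both hunt-and-peck and hash-to-element, saying so in the comment would also help integrators who want to restrict an AP or station to H2E only, which is what this field exists to configure. The enclosing struct starts and ends outside the hunk.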
@@ -566,7 +566,7 @@ typedef struct {
uint32_t owe_enabled: 1; /**< Whether OWE is enabled for the connection */
uint32_t transition_disable: 1; /**< Whether to enable transition disable feature */
uint32_t reserved1: 26; /**< Reserved for future feature set */
wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */
wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method. Default value :2 (WPA3_SAE_PWE_BOTH) */
wifi_sae_pk_mode_t sae_pk_mode; /**< Configuration for SAE-PK (Public Key) Authentication method */
uint8_t failure_retry_cnt; /**< Number of connection retries station will do before moving to next AP. scan_method should be set as WIFI_ALL_CHANNEL_SCAN to use this config.
Note: Enabling this may cause connection time to increase in case best AP doesn't behave properly. */
@@ -131,7 +131,7 @@ struct wpa_funcs {
bool (*wpa_ap_deinit)(void *data);
bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8* rsnxe, u16 rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher);
bool (*wpa_ap_remove)(u8 *bssid);
uint8_t *(*wpa_ap_get_wpa_ie)(uint8_t *len);
uint8_t *(*wpa_ap_get_wpa_ie)(size_t *len);
bool (*wpa_ap_rx_eapol)(void *hapd_data, void *sm, u8 *data, size_t data_len);
void (*wpa_ap_get_peer_spp_msg)(void *sm, bool *spp_cap, bool *spp_req);
char *(*wpa_config_parse_string)(const char *value, size_t *len);
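Review bot: Widening the out-parameter of the `wpa_ap_get_wpa_ie` hook from `uint8_t *` to `size_t *` changes how many bytes the callee writes through the pointer, so every caller of this member must now pass the address of a `size_t`; the callers are not in the changed files and are presumably in the prebuilt Wi-Fi library, where a stale `&uint8_var` would not be caught by the compiler and would overwrite the bytes following that variable. It would help to document the contract on the member itself, which currently has no comment: `uint8_t *(*wpa_ap_get_wpa_ie)(size_t *len); /**< Returns the SoftAP WPA IE; *len receives its length in bytes and must point to a size_t, never a narrower type */`. The same widening appears in the definition at @@ -147, and `struct wpa_funcs` starts and ends outside the hunk.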
@@ -147,7 +147,7 @@ bool wpa_attach(void)
return ret;
}
uint8_t *wpa_ap_get_wpa_ie(uint8_t *ie_len)
uint8_t *wpa_ap_get_wpa_ie(size_t *ie_len)
{
struct hostapd_data *hapd = (struct hostapd_data *)esp_wifi_get_hostap_private_internal();