diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index a717189a9..7df74bd45 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -11453,10 +11453,12 @@ static int wpas_ctrl_iface_send_dscp_query(struct wpa_supplicant *wpa_s, char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, char *buf, size_t *resp_len) { - char *reply; - const int reply_size = 1024; + static char reply[1024]; + const int reply_size = sizeof(reply); int reply_len; + os_memset(reply, 0, reply_size); + if (os_strncmp(buf, WPA_CTRL_RSP, os_strlen(WPA_CTRL_RSP)) == 0 || os_strncmp(buf, "SET_NETWORK ", 12) == 0 || os_strncmp(buf, "PMKSA_ADD ", 10) == 0 || @@ -11480,14 +11482,6 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, wpa_dbg(wpa_s, wpas_ctrl_cmd_debug_level(buf), "Control interface command '%s'", buf); } - reply = os_malloc(reply_size); - if (reply == NULL) { - wpa_printf(MSG_ERROR, "ctrl_iface: reply malloc of %d failed", - reply_size); - *resp_len = 1; - return NULL; - } - os_memcpy(reply, "OK\n", 3); reply_len = 3; @@ -13009,10 +13003,13 @@ static int wpas_global_ctrl_iface_fst_detach(struct wpa_global *global, char * wpa_supplicant_global_ctrl_iface_process(struct wpa_global *global, char *buf, size_t *resp_len) { - char *reply; - const int reply_size = 2048; + static char reply[2048]; + const int reply_size = sizeof(reply); int reply_len; int level = MSG_DEBUG; + char *reply_redir; + + os_memset(reply, 0, reply_size); if (os_strncmp(buf, "IFNAME=", 7) == 0) { char *pos = os_strchr(buf + 7, ' '); @@ -13024,21 +13021,15 @@ char * wpa_supplicant_global_ctrl_iface_process(struct wpa_global *global, } } - reply = wpas_global_ctrl_iface_redir(global, buf, resp_len); - if (reply) - return reply; + reply_redir = wpas_global_ctrl_iface_redir(global, buf, resp_len); + if (reply_redir) + return reply_redir; if (os_strcmp(buf, "PING") == 0) level = MSG_EXCESSIVE; wpa_hexdump_ascii(level, "RX global ctrl_iface", (const u8 *) buf, os_strlen(buf)); - reply = os_malloc(reply_size); - if (reply == NULL) { - *resp_len = 1; - return NULL; - } - os_memcpy(reply, "OK\n", 3); reply_len = 3; diff --git a/wpa_supplicant/ctrl_iface_zephyr.c b/wpa_supplicant/ctrl_iface_zephyr.c index fd2eba866..363ab9304 100644 --- a/wpa_supplicant/ctrl_iface_zephyr.c +++ b/wpa_supplicant/ctrl_iface_zephyr.c @@ -120,44 +120,28 @@ static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx, void *sock_ctx) { struct wpa_supplicant *wpa_s = eloop_ctx; - char *buf, *pos; + char buf[CTRL_IFACE_MAX_LEN + 1]; + char *pos; int res; char *reply = NULL; size_t reply_len = 0; - buf = os_zalloc(CTRL_IFACE_MAX_LEN + 1); - if (!buf) { - /* Do a dummy read to drain the data from the socket */ - static unsigned char dummy[512]; - - /* This is expected in OOM conditions, so, do not spam the log */ - wpa_printf(MSG_DEBUG, "Failed to allocate memory for ctrl_iface receive buffer"); - - do { - res = recv(sock, dummy, sizeof(dummy), - MSG_TRUNC | MSG_DONTWAIT); - } while (res > 0); - return; - } - res = recv(sock, buf, CTRL_IFACE_MAX_LEN, 0); if (res < 0) { wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s", strerror(errno)); - os_free(buf); return; } + if (!res) { eloop_unregister_sock(sock, EVENT_TYPE_READ); wpa_printf(MSG_DEBUG, "ctrl_iface: Peer unexpectedly shut down " "socket"); - os_free(buf); return; } if ((size_t) res > CTRL_IFACE_MAX_LEN) { wpa_printf(MSG_ERROR, "recvform(ctrl_iface): input truncated"); - os_free(buf); return; } buf[res] = '\0'; @@ -189,14 +173,11 @@ static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx, if (reply) { send(sock, reply, reply_len, 0); - os_free(reply); } else if (reply_len == 1) { send(sock, "FAIL\n", 5, 0); } else if (reply_len == 2) { send(sock, "OK\n", 3, 0); } - - os_free(buf); } @@ -271,30 +252,16 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx, void *sock_ctx) { struct wpa_global *global = eloop_ctx; - char *buf, *pos; + char buf[CTRL_IFACE_MAX_LEN + 1]; + char *pos; int res; char *reply = NULL; size_t reply_len = 0; - buf = os_zalloc(CTRL_IFACE_MAX_LEN + 1); - if (!buf) { - /* Do a dummy read to drain the data from the socket */ - static unsigned char dummy[512]; - - /* This is expected in OOM conditions, so, do not spam the log */ - wpa_printf(MSG_DEBUG, "Failed to allocate memory for g_ctrl_iface receive buffer"); - - do { - res = recv(sock, dummy, sizeof(dummy), - MSG_TRUNC | MSG_DONTWAIT); - } while (res > 0); - return; - } res = recv(sock, buf, CTRL_IFACE_MAX_LEN, 0); if (res < 0) { wpa_printf(MSG_ERROR, "recvfrom(g_ctrl_iface): %s", strerror(errno)); - os_free(buf); return; } @@ -302,13 +269,11 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx, eloop_unregister_sock(sock, EVENT_TYPE_READ); wpa_printf(MSG_DEBUG, "g_ctrl_iface: Peer unexpectedly shut down " "socket"); - os_free(buf); return; } if ((size_t) res > CTRL_IFACE_MAX_LEN) { wpa_printf(MSG_ERROR, "recvform(g_ctrl_iface): input truncated"); - os_free(buf); return; } buf[res] = '\0'; @@ -340,14 +305,11 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx, if (reply) { send(sock, reply, reply_len, 0); - os_free(reply); } else if (reply_len == 1) { send(sock, "FAIL\n", 5, 0); } else if (reply_len == 2) { send(sock, "OK\n", 3, 0); } - - os_free(buf); } struct ctrl_iface_global_priv * wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)