From 9c7902142ccd482e24f3a8ab9772f27663b896a9 Mon Sep 17 00:00:00 2001 From: Chaitanya Tata Date: Fri, 26 Jan 2024 01:51:53 +0530 Subject: [PATCH] [nrf noup] zephyr: Don't use heap for control interface Relying on heap during OOM is bad, esp. for critical module like WPA supplicant, this can break the Wi-Fi. As the WPA supplicant stack is large enough and we have reduced the control interface sizes, move the buffers for control interface to stack or use static variable. The static variable is used to keep the changes to the common code of the WPA supplicant to a minimum compared to using stack. Fixes SHEL-2283. Signed-off-by: Chaitanya Tata --- wpa_supplicant/ctrl_iface.c | 33 ++++++++------------ wpa_supplicant/ctrl_iface_zephyr.c | 48 ++++-------------------------- 2 files changed, 17 insertions(+), 64 deletions(-) diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index a717189a9..7df74bd45 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -11453,10 +11453,12 @@ static int wpas_ctrl_iface_send_dscp_query(struct wpa_supplicant *wpa_s, char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, char *buf, size_t *resp_len) { - char *reply; - const int reply_size = 1024; + static char reply[1024]; + const int reply_size = sizeof(reply); int reply_len; + os_memset(reply, 0, reply_size); + if (os_strncmp(buf, WPA_CTRL_RSP, os_strlen(WPA_CTRL_RSP)) == 0 || os_strncmp(buf, "SET_NETWORK ", 12) == 0 || os_strncmp(buf, "PMKSA_ADD ", 10) == 0 || @@ -11480,14 +11482,6 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, wpa_dbg(wpa_s, wpas_ctrl_cmd_debug_level(buf), "Control interface command '%s'", buf); } - reply = os_malloc(reply_size); - if (reply == NULL) { - wpa_printf(MSG_ERROR, "ctrl_iface: reply malloc of %d failed", - reply_size); - *resp_len = 1; - return NULL; - } - os_memcpy(reply, "OK\n", 3); reply_len = 3; 
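Review bot: `static char reply[1024]` in wpa_supplicant_ctrl_iface_process() silently changes the return contract from a heap buffer the caller frees to shared static storage, and the same happens with `static char reply[2048]` in wpa_supplicant_global_ctrl_iface_process() (hunk at -13009). Only ctrl_iface_zephyr.c is updated here, so any other caller of this common-code function that still passes the result to `os_free()` would now free a non-heap pointer; callers outside this diff are not visible, so that needs checking. I would state the new contract at the definition, e.g. `/* Returns static storage: do not os_free(); contents are valid only until the next call */`, or keep the static variant behind a Zephyr-only `#ifdef`. The buffer is now shared by every caller, so this presumably relies on all control-interface commands being processed on a single thread; the function body continues outside the hunk.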
@@ -13009,10 +13003,13 @@ static int wpas_global_ctrl_iface_fst_detach(struct wpa_global *global, char * wpa_supplicant_global_ctrl_iface_process(struct wpa_global *global, char *buf, size_t *resp_len) { - char *reply; - const int reply_size = 2048; + static char reply[2048]; + const int reply_size = sizeof(reply); int reply_len; int level = MSG_DEBUG; + char *reply_redir; + + os_memset(reply, 0, reply_size); if (os_strncmp(buf, "IFNAME=", 7) == 0) { char *pos = os_strchr(buf + 7, ' '); @@ -13024,21 +13021,15 @@ char * wpa_supplicant_global_ctrl_iface_process(struct wpa_global *global, } } - reply = wpas_global_ctrl_iface_redir(global, buf, resp_len); - if (reply) - return reply; + reply_redir = wpas_global_ctrl_iface_redir(global, buf, resp_len); + if (reply_redir) + return reply_redir; if (os_strcmp(buf, "PING") == 0) level = MSG_EXCESSIVE; wpa_hexdump_ascii(level, "RX global ctrl_iface", (const u8 *) buf, os_strlen(buf)); - reply = os_malloc(reply_size); - if (reply == NULL) { - *resp_len = 1; - return NULL; - } - os_memcpy(reply, "OK\n", 3); reply_len = 3; diff --git a/wpa_supplicant/ctrl_iface_zephyr.c b/wpa_supplicant/ctrl_iface_zephyr.c index fd2eba866..363ab9304 100644 --- a/wpa_supplicant/ctrl_iface_zephyr.c +++ b/wpa_supplicant/ctrl_iface_zephyr.c 
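Review bot: The redirected reply returned by `return reply_redir;` (hunk at -13024) is no longer freed by anyone after this patch, which is only correct if every path through wpas_global_ctrl_iface_redir() ends in the per-interface static buffer. That function is outside the diff; if any path in it still allocates, each redirected command leaks on exactly the heap-constrained target this change is meant to protect. A short comment at the call, e.g. `/* reply_redir is assumed to be static storage owned by the per-interface handler; never freed */`, would record the assumption for the next reader. Minor: `os_memset(reply, 0, reply_size)` runs before the redirect check, so the 2048-byte clear is wasted for redirected commands and could move below the `if (reply_redir)` return.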
@@ -120,44 +120,28 @@ static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx, void *sock_ctx) { struct wpa_supplicant *wpa_s = eloop_ctx; - char *buf, *pos; + char buf[CTRL_IFACE_MAX_LEN + 1]; + char *pos; int res; char *reply = NULL; size_t reply_len = 0; - buf = os_zalloc(CTRL_IFACE_MAX_LEN + 1); - if (!buf) { - /* Do a dummy read to drain the data from the socket */ - static unsigned char dummy[512]; - - /* This is expected in OOM conditions, so, do not spam the log */ - wpa_printf(MSG_DEBUG, "Failed to allocate memory for ctrl_iface receive buffer"); - - do { - res = recv(sock, dummy, sizeof(dummy), - MSG_TRUNC | MSG_DONTWAIT); - } while (res > 0); - return; - } - res = recv(sock, buf, CTRL_IFACE_MAX_LEN, 0); if (res < 0) { wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s", strerror(errno)); - os_free(buf); return; } + if (!res) { eloop_unregister_sock(sock, EVENT_TYPE_READ); wpa_printf(MSG_DEBUG, "ctrl_iface: Peer unexpectedly shut down " "socket"); - os_free(buf); return; } if ((size_t) res > CTRL_IFACE_MAX_LEN) { wpa_printf(MSG_ERROR, "recvform(ctrl_iface): input truncated"); - os_free(buf); return; } buf[res] = '\0'; @@ -189,14 +173,11 @@ static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx, if (reply) { send(sock, reply, reply_len, 0); - os_free(reply); } else if (reply_len == 1) { send(sock, "FAIL\n", 5, 0); } else if (reply_len == 2) { send(sock, "OK\n", 3, 0); } - - os_free(buf); } 
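Review bot: `char buf[CTRL_IFACE_MAX_LEN + 1];` moves the whole receive buffer onto the stack of the thread that runs this eloop callback, and nothing in the hunk ties that size to the thread's stack budget; the same declaration is added to wpa_supplicant_global_ctrl_iface_receive() (hunk at -271). The value of CTRL_IFACE_MAX_LEN is not visible here and the command-processing frames below this one add to the depth, so a later increase of the macro could overrun the stack instead of failing cleanly as the old `os_zalloc()` path did. A build-time assertion next to the macro's definition, comparing it with the configured supplicant stack size, would turn that into a compile error. The buffer is also no longer zero-initialised; the visible code terminates it with `buf[res] = '\0'` before use, so that looks fine, but received commands (which may carry key material) now stay on the stack after return, so a non-elidable clear of `buf` before returning would be cheap hardening. The middle of the function is outside the hunk.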
@@ -271,30 +252,16 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx, void *sock_ctx) { struct wpa_global *global = eloop_ctx; - char *buf, *pos; + char buf[CTRL_IFACE_MAX_LEN + 1]; + char *pos; int res; char *reply = NULL; size_t reply_len = 0; - buf = os_zalloc(CTRL_IFACE_MAX_LEN + 1); - if (!buf) { - /* Do a dummy read to drain the data from the socket */ - static unsigned char dummy[512]; - - /* This is expected in OOM conditions, so, do not spam the log */ - wpa_printf(MSG_DEBUG, "Failed to allocate memory for g_ctrl_iface receive buffer"); - - do { - res = recv(sock, dummy, sizeof(dummy), - MSG_TRUNC | MSG_DONTWAIT); - } while (res > 0); - return; - } res = recv(sock, buf, CTRL_IFACE_MAX_LEN, 0); if (res < 0) { wpa_printf(MSG_ERROR, "recvfrom(g_ctrl_iface): %s", strerror(errno)); - os_free(buf); return; } @@ -302,13 +269,11 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx, eloop_unregister_sock(sock, EVENT_TYPE_READ); wpa_printf(MSG_DEBUG, "g_ctrl_iface: Peer unexpectedly shut down " "socket"); - os_free(buf); return; } if ((size_t) res > CTRL_IFACE_MAX_LEN) { wpa_printf(MSG_ERROR, "recvform(g_ctrl_iface): input truncated"); - os_free(buf); return; } buf[res] = '\0'; @@ -340,14 +305,11 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx, if (reply) { send(sock, reply, reply_len, 0); - os_free(reply); } else if (reply_len == 1) { send(sock, "FAIL\n", 5, 0); } else if (reply_len == 2) { send(sock, "OK\n", 3, 0); } - - os_free(buf); } struct ctrl_iface_global_priv * wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
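Review bot: The `if ((size_t) res > CTRL_IFACE_MAX_LEN)` check after `recv(sock, buf, CTRL_IFACE_MAX_LEN, 0)` cannot fire, because with flags 0 recv() never returns more than the length it was given; the same pattern is in wpa_supplicant_ctrl_iface_receive() (hunk at -120). An over-long message is therefore cut at CTRL_IFACE_MAX_LEN and what was read is handled as if it were a complete command, rather than being rejected with the "input truncated" error. Now that `buf` is an array, reading one byte more makes the existing check effective without touching the rest: `res = recv(sock, buf, sizeof(buf), 0);`, since `buf[res] = '\0'` is only reached when res is at most CTRL_IFACE_MAX_LEN. This predates the patch but sits directly on the lines it rewrites.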