nrfconnect · krish2718 · Feb 7, 2024 · Jan 25, 2024 · Jan 25, 2024 · Jan 25, 2024
@@ -11453,10 +11453,12 @@ static int wpas_ctrl_iface_send_dscp_query(struct wpa_supplicant *wpa_s,
 char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
 					 char *buf, size_t *resp_len)
 {
-	char *reply;
-	const int reply_size = 1024;
+	static char reply[1024];
+	const int reply_size = sizeof(reply);
 	int reply_len;
 
+	os_memset(reply, 0, reply_size);
+
 	if (os_strncmp(buf, WPA_CTRL_RSP, os_strlen(WPA_CTRL_RSP)) == 0 ||
 	    os_strncmp(buf, "SET_NETWORK ", 12) == 0 ||
 	    os_strncmp(buf, "PMKSA_ADD ", 10) == 0 ||
@@ -11480,14 +11482,6 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
 		wpa_dbg(wpa_s, wpas_ctrl_cmd_debug_level(buf), "Control interface command '%s'", buf);
 	}
 
-	reply = os_malloc(reply_size);
-	if (reply == NULL) {
-		wpa_printf(MSG_ERROR, "ctrl_iface: reply malloc of %d failed",
-			reply_size);
-		*resp_len = 1;
-		return NULL;
-	}
-
 	os_memcpy(reply, "OK\n", 3);
 	reply_len = 3;
 
@@ -13009,10 +13003,13 @@ static int wpas_global_ctrl_iface_fst_detach(struct wpa_global *global,
 char * wpa_supplicant_global_ctrl_iface_process(struct wpa_global *global,
 						char *buf, size_t *resp_len)
 {
-	char *reply;
-	const int reply_size = 2048;
+	static char reply[1024];
+	const int reply_size = sizeof(reply);
 	int reply_len;
 	int level = MSG_DEBUG;
+	char *reply_redir;
+
+	os_memset(reply, 0, reply_size);
 
 	if (os_strncmp(buf, "IFNAME=", 7) == 0) {
 		char *pos = os_strchr(buf + 7, ' ');
@@ -13024,21 +13021,15 @@ char * wpa_supplicant_global_ctrl_iface_process(struct wpa_global *global,
 		}
 	}
 
-	reply = wpas_global_ctrl_iface_redir(global, buf, resp_len);
-	if (reply)
-		return reply;
+	reply_redir = wpas_global_ctrl_iface_redir(global, buf, resp_len);
+	if (reply_redir)
+		return reply_redir;
 
 	if (os_strcmp(buf, "PING") == 0)
 		level = MSG_EXCESSIVE;
 	wpa_hexdump_ascii(level, "RX global ctrl_iface",
 			  (const u8 *) buf, os_strlen(buf));
 
-	reply = os_malloc(reply_size);
-	if (reply == NULL) {
-		*resp_len = 1;
-		return NULL;
-	}
-
 	os_memcpy(reply, "OK\n", 3);
 	reply_len = 3;
 

@@ -120,43 +120,28 @@ static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
 					      void *sock_ctx)
 {
 	struct wpa_supplicant *wpa_s = eloop_ctx;
-	char *buf, *pos;
+	char buf[CTRL_IFACE_MAX_LEN + 1];
+	char *pos;
 	int res;
 	char *reply = NULL;
 	size_t reply_len = 0;
 
-	buf = os_zalloc(CTRL_IFACE_MAX_LEN + 1);
-	if (!buf) {
-		/* Do a dummy read to drain the data from the socket */
-		static unsigned char dummy[512];
-
-		/* This is expected in OOM conditions, so, do not spam the log */
-		wpa_printf(MSG_DEBUG, "Failed to allocate memory for ctrl_iface receive buffer");
-
-		do {
-			res = recv(sock, dummy, sizeof(dummy),
-				   MSG_TRUNC | MSG_DONTWAIT);
-		} while (res > 0);
-		return;
-	}
-
 	res = recv(sock, buf, CTRL_IFACE_MAX_LEN, 0);
 	if (res < 0) {
 		wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
 			   strerror(errno));
-		os_free(buf);
 		return;
 	}
+
 	if (!res) {
+		eloop_unregister_sock(sock, EVENT_TYPE_READ);
 		wpa_printf(MSG_DEBUG, "ctrl_iface: Peer unexpectedly shut down "
 			   "socket");
-		os_free(buf);
 		return;
 	}
 
 	if ((size_t) res > CTRL_IFACE_MAX_LEN) {
 		wpa_printf(MSG_ERROR, "recvform(ctrl_iface): input truncated");
-		os_free(buf);
 		return;
 	}
 	buf[res] = '\0';
@@ -188,14 +173,11 @@ static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
 
 	if (reply) {
 		send(sock, reply, reply_len, 0);
-		os_free(reply);
 	} else if (reply_len == 1) {
 		send(sock, "FAIL\n", 5, 0);
 	} else if (reply_len == 2) {
 		send(sock, "OK\n", 3, 0);
 	}
-
-	os_free(buf);
 }
 
 
@@ -270,25 +252,28 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
 					      void *sock_ctx)
 {
 	struct wpa_global *global = eloop_ctx;
-	char *buf, *pos;
+	char buf[CTRL_IFACE_MAX_LEN + 1];
+	char *pos;
 	int res;
 	char *reply = NULL;
 	size_t reply_len = 0;
 
-	buf = os_zalloc(CTRL_IFACE_MAX_LEN + 1);
-	if (!buf)
-		return;
 	res = recv(sock, buf, CTRL_IFACE_MAX_LEN, 0);
 	if (res < 0) {
-		wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
+		wpa_printf(MSG_ERROR, "recvfrom(g_ctrl_iface): %s",
 			   strerror(errno));
-		os_free(buf);
+		return;
+	}
+
+	if (!res) {
+		eloop_unregister_sock(sock, EVENT_TYPE_READ);
+		wpa_printf(MSG_DEBUG, "g_ctrl_iface: Peer unexpectedly shut down "
+			   "socket");
 		return;
 	}
 
 	if ((size_t) res > CTRL_IFACE_MAX_LEN) {
-		wpa_printf(MSG_ERROR, "recvform(ctrl_iface): input truncated");
-		os_free(buf);
+		wpa_printf(MSG_ERROR, "recvform(g_ctrl_iface): input truncated");
 		return;
 	}
 	buf[res] = '\0';
@@ -320,14 +305,11 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
 
 	if (reply) {
 		send(sock, reply, reply_len, 0);
-		os_free(reply);
 	} else if (reply_len == 1) {
 		send(sock, "FAIL\n", 5, 0);
 	} else if (reply_len == 2) {
 		send(sock, "OK\n", 3, 0);
 	}
-
-	os_free(buf);
 }
 struct ctrl_iface_global_priv *
 wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)

@@ -72,6 +72,8 @@ static int _wpa_ctrl_command(struct wpa_ctrl *ctrl, const char *cmd, int print,
 		/* Remove the LF */
 		os_memcpy(resp, buf, len - 1);
 		resp[len - 1] = '\0';
+		if (strncmp(resp, "FAIL", 4) == 0)
+			return -3;
 	}
 
 	if (print) {