ESP_WIFI: Remove static analysis warnings

components/esp_wifi/src/smartconfig_ack.c

@@ -1,16 +1,8 @@
-// Copyright 2010-2017 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2010-2021 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 /*
  * After station connects to AP and gets IP address by smartconfig,
@@ -68,9 +60,11 @@ static int sc_ack_send_get_errno(int fd)
     int sock_errno = 0;
     u32_t optlen = sizeof(sock_errno);
 
-    getsockopt(fd, SOL_SOCKET, SO_ERROR, &sock_errno, &optlen);
+    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &sock_errno, &optlen) < 0) {
+        return sock_errno;
+    }
 
-    return sock_errno;
+    return 0;
 }
 
 static void sc_ack_send_task(void *pvParameters)
@@ -127,7 +121,10 @@ static void sc_ack_send_task(void *pvParameters)
                 goto _end;
             }
 
-            setsockopt(send_sock, SOL_SOCKET, SO_BROADCAST | SO_REUSEADDR, &optval, sizeof(int));
+            if (setsockopt(send_sock, SOL_SOCKET, SO_BROADCAST | SO_REUSEADDR, &optval, sizeof(int)) < 0) {
+                ESP_LOGE(TAG,  "setsockopt failed");
+                goto _end;
+            }
 
             if (ack->type == SC_TYPE_AIRKISS) {
                 char data = 0;
@@ -148,10 +145,17 @@ static void sc_ack_send_task(void *pvParameters)
                     local_addr.sin_port = htons(SC_ACK_TOUCH_DEVICE_PORT);
                 }
 
-                bind(send_sock, (struct sockaddr *)&local_addr, sockadd_len);
-                setsockopt(send_sock, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout));
+                if (bind(send_sock, (struct sockaddr *)&local_addr, sockadd_len) < 0) {
+                    ESP_LOGE(TAG,  "socket bind failed");
+                    goto _end;
+                }
+                if (setsockopt(send_sock, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)) < 0) {
+                    goto _end;
+                }
 
-                recvfrom(send_sock, &data, 1, 0, (struct sockaddr *)&from, &sockadd_len);
+                if (recvfrom(send_sock, &data, 1, 0, (struct sockaddr *)&from, &sockadd_len) < 0) {
+                    goto _end;
+                }
                 if (from.sin_addr.s_addr != INADDR_ANY) {
                     memcpy(remote_ip, &from.sin_addr, 4);
                     server_addr.sin_addr.s_addr = from.sin_addr.s_addr;
@@ -184,9 +188,7 @@ static void sc_ack_send_task(void *pvParameters)
     }
 
 _end:
-    if ((send_sock >= LWIP_SOCKET_OFFSET) && (send_sock <= (FD_SETSIZE - 1))) {
-        close(send_sock);
-    }
+    close(send_sock);
     free(ack);
     vTaskDelete(NULL);
 }

components/wpa_supplicant/esp_supplicant/src/esp_common.c

@@ -257,17 +257,23 @@ static bool bss_profile_match(u8 *sender)
 }
 #endif
 
-void esp_supplicant_common_init(struct wpa_funcs *wpa_cb)
+int esp_supplicant_common_init(struct wpa_funcs *wpa_cb)
 {
 	struct wpa_supplicant *wpa_s = &g_wpa_supp;
+	int ret;
 
 	s_supplicant_evt_queue = xQueueCreate(3, sizeof(supplicant_event_t));
-	xTaskCreate(btm_rrm_task, "btm_rrm_t", SUPPLICANT_TASK_STACK_SIZE, NULL, 2, s_supplicant_task_hdl);
+	ret = xTaskCreate(btm_rrm_task, "btm_rrm_t", SUPPLICANT_TASK_STACK_SIZE, NULL, 2, s_supplicant_task_hdl);
+	if (ret != pdPASS) {
+		wpa_printf(MSG_ERROR, "btm: failed to create task");
+		return ret;
+	}
 
 	s_supplicant_api_lock = xSemaphoreCreateRecursiveMutex();
 	if (!s_supplicant_api_lock) {
-		wpa_printf(MSG_ERROR, "esp_supplicant_common_init: failed to create Supplicant API lock");
-		return;
+		esp_supplicant_common_deinit();
+		wpa_printf(MSG_ERROR, "%s: failed to create Supplicant API lock", __func__);
+		return ret;
 	}
 
 	esp_scan_init(wpa_s);
@@ -291,6 +297,7 @@ void esp_supplicant_common_init(struct wpa_funcs *wpa_cb)
 #else
 	wpa_cb->wpa_sta_profile_match = NULL;
 #endif
+	return 0;
 }
 
 void esp_supplicant_common_deinit(void)

components/wpa_supplicant/esp_supplicant/src/esp_common_i.h

@@ -38,7 +38,7 @@ enum SIG_SUPPLICANT {
 
 int esp_supplicant_post_evt(uint32_t evt_id, uint32_t data);
 void esp_get_tx_power(uint8_t *tx_power);
-void esp_supplicant_common_init(struct wpa_funcs *wpa_cb);
+int esp_supplicant_common_init(struct wpa_funcs *wpa_cb);
 void esp_supplicant_common_deinit(void);
 void esp_set_scan_ie(void);
 void esp_set_assoc_ie(void);

components/wpa_supplicant/esp_supplicant/src/esp_dpp.c

@@ -1,16 +1,8 @@
-// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #include "esp_dpp_i.h"
 #include "esp_dpp.h"
@@ -614,6 +606,7 @@ void esp_supp_dpp_stop_listen(void)
 esp_err_t esp_supp_dpp_init(esp_supp_dpp_event_cb_t cb)
 {
     struct dpp_global_config cfg = {0};
+    int ret;
 
     os_bzero(&s_dpp_ctx, sizeof(s_dpp_ctx));
     s_dpp_ctx.dpp_event_cb = cb;
@@ -624,10 +617,15 @@ esp_err_t esp_supp_dpp_init(esp_supp_dpp_event_cb_t cb)
 
     s_dpp_stop_listening = false;
     s_dpp_evt_queue = xQueueCreate(3, sizeof(dpp_event_t));
-    xTaskCreate(esp_dpp_task, "dppT", DPP_TASK_STACK_SIZE, NULL, 2, s_dpp_task_hdl);
+    ret = xTaskCreate(esp_dpp_task, "dppT", DPP_TASK_STACK_SIZE, NULL, 2, s_dpp_task_hdl);
+    if (ret != pdPASS) {
+        wpa_printf(MSG_ERROR, "DPP: failed to create task");
+        return ESP_FAIL;
+    }
 
     s_dpp_api_lock = xSemaphoreCreateRecursiveMutex();
     if (!s_dpp_api_lock) {
+        esp_supp_dpp_deinit();
         wpa_printf(MSG_ERROR, "DPP: dpp_init: failed to create DPP API lock");
         return ESP_ERR_NO_MEM;
     }

components/wpa_supplicant/esp_supplicant/src/esp_hostap.c

@@ -117,34 +117,27 @@ bool hostap_deinit(void *data)
         return true;
     }
 
-    if (hapd->wpa_auth->wpa_ie != NULL) {
-        os_free(hapd->wpa_auth->wpa_ie);
-    }
-
-    if (hapd->wpa_auth->group != NULL) {
-        os_free(hapd->wpa_auth->group);
-    }
-
     if (hapd->wpa_auth != NULL) {
+        if (hapd->wpa_auth->wpa_ie != NULL) {
+            os_free(hapd->wpa_auth->wpa_ie);
+        }
+        if (hapd->wpa_auth->group != NULL) {
+            os_free(hapd->wpa_auth->group);
+        }
         os_free(hapd->wpa_auth);
     }
 
-    if (hapd->conf->ssid.wpa_psk != NULL) {
-        os_free(hapd->conf->ssid.wpa_psk);
-    }
-
-    if (hapd->conf->ssid.wpa_passphrase != NULL) {
-        os_free(hapd->conf->ssid.wpa_passphrase);
-    }
-
     if (hapd->conf != NULL) {
+        if (hapd->conf->ssid.wpa_psk != NULL) {
+            os_free(hapd->conf->ssid.wpa_psk);
+        }
+        if (hapd->conf->ssid.wpa_passphrase != NULL) {
+            os_free(hapd->conf->ssid.wpa_passphrase);
+        }
         os_free(hapd->conf);
     }
 
-    if (hapd != NULL) {
-        os_free(hapd);
-    }
-
+    os_free(hapd);
     esp_wifi_unset_appie_internal(WIFI_APPIE_WPA);
 
     return true;

components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c

@@ -482,30 +482,24 @@ build_nak:
     if (resp == NULL) {
         return ESP_FAIL;
     }
-    ret = ESP_FAIL;
-
 send_resp:
     if (resp == NULL) {
         wpa_printf(MSG_ERROR, "Response build fail, return.");
         return ESP_FAIL;
     }
     ret = eap_sm_send_eapol(sm, resp);
-    if (ret == ESP_OK) {
-        if (resp != sm->lastRespData) {
-            wpabuf_free(sm->lastRespData);
-            sm->lastRespData = resp;
-        }
-    } else {
+    if (resp != sm->lastRespData) {
         wpabuf_free(sm->lastRespData);
-        sm->lastRespData = NULL;
+    }
+    if (ret != ESP_OK) {
         wpabuf_free(resp);
         resp = NULL;
-
         if (ret == WPA_ERR_INVALID_BSSID) {
             ret = WPA2_ENT_EAP_STATE_FAIL;
             wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL);
         }
     }
+    sm->lastRespData = resp;
 out:
     return ret;
 }
@@ -745,14 +739,16 @@ static int eap_peer_sm_init(void)
 
     sm = (struct eap_sm *)os_zalloc(sizeof(*sm));
     if (sm == NULL) {
-        return ESP_ERR_NO_MEM;
+        ret = ESP_ERR_NO_MEM;
+        return ret;
     }
 
+    gEapSm = sm;
     s_wpa2_data_lock = xSemaphoreCreateRecursiveMutex();
     if (!s_wpa2_data_lock) {
-        free(sm);
         wpa_printf(MSG_ERROR, "wpa2 eap_peer_sm_init: failed to alloc data lock");
-        return ESP_ERR_NO_MEM;
+        ret = ESP_ERR_NO_MEM;
+        goto _err;
     }
 
     wpa2_set_eap_state(WPA2_ENT_EAP_STATE_NOT_START);
@@ -761,53 +757,49 @@ static int eap_peer_sm_init(void)
     ret = eap_peer_blob_init(sm);
     if (ret) {
         wpa_printf(MSG_ERROR, "eap_peer_blob_init failed\n");
-        os_free(sm);
-        vSemaphoreDelete(s_wpa2_data_lock);
-        return ESP_FAIL;
+        ret = ESP_FAIL;
+        goto _err;
     }
 
     ret = eap_peer_config_init(sm, g_wpa_private_key_passwd, g_wpa_private_key_passwd_len);
     if (ret) {
         wpa_printf(MSG_ERROR, "eap_peer_config_init failed\n");
-        eap_peer_blob_deinit(sm);
-        os_free(sm);
-        vSemaphoreDelete(s_wpa2_data_lock);
-        return ESP_FAIL;
+        ret = ESP_FAIL;
+        goto _err;
     }
 
     sm->ssl_ctx = tls_init();
     if (sm->ssl_ctx == NULL) {
-        wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "
-                   "context.");
-        eap_peer_blob_deinit(sm);
-        eap_peer_config_deinit(sm);
-        os_free(sm);
-        vSemaphoreDelete(s_wpa2_data_lock);
-        return ESP_FAIL;
+        wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS context.");
+        ret = ESP_FAIL;
+        goto _err;
     }
 
     wpa2_rxq_init();
 
     gEapSm = sm;
 #ifdef USE_WPA2_TASK
-    s_wpa2_queue = xQueueCreate(SIG_WPA2_MAX, sizeof( void * ) );
-    xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, s_wpa2_task_hdl);
+    s_wpa2_queue = xQueueCreate(SIG_WPA2_MAX, sizeof(s_wpa2_queue));
+    ret = xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, s_wpa2_task_hdl);
+    if (ret != pdPASS) {
+        wpa_printf(MSG_ERROR, "wps enable: failed to create task");
+        ret = ESP_FAIL;
+        goto _err;
+    }
     s_wifi_wpa2_sync_sem = xSemaphoreCreateCounting(1, 0);
     if (!s_wifi_wpa2_sync_sem) {
-        vQueueDelete(s_wpa2_queue);
-        s_wpa2_queue = NULL;
-        eap_peer_blob_deinit(sm);
-        eap_peer_config_deinit(sm);
-        os_free(sm);
-        vSemaphoreDelete(s_wpa2_data_lock);
         wpa_printf(MSG_ERROR, "WPA2: failed create wifi wpa2 task sync sem");
-        return ESP_FAIL;
+        ret = ESP_FAIL;
+        goto _err;
     }
 
     wpa_printf(MSG_INFO, "wpa2_task prio:%d, stack:%d\n", 2, WPA2_TASK_STACK_SIZE);
-
 #endif
     return ESP_OK;
+
+_err:
+    eap_peer_sm_deinit();
+    return ret;
 }
 
 /**
@@ -840,8 +832,8 @@ static void eap_peer_sm_deinit(void)
 
     if (s_wifi_wpa2_sync_sem) {
         vSemaphoreDelete(s_wifi_wpa2_sync_sem);
+        s_wifi_wpa2_sync_sem = NULL;
     }
-    s_wifi_wpa2_sync_sem = NULL;
 
     if (s_wpa2_data_lock) {
         vSemaphoreDelete(s_wpa2_data_lock);
@@ -849,6 +841,10 @@ static void eap_peer_sm_deinit(void)
         wpa_printf(MSG_DEBUG, "wpa2 eap_peer_sm_deinit: free data lock");
     }
 
+    if (s_wpa2_queue) {
+        vQueueDelete(s_wpa2_queue);
+        s_wpa2_queue = NULL;
+    }
     os_free(sm);
     gEapSm = NULL;
 }

components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c

@@ -226,10 +226,12 @@ static void wpa_sta_disconnected_cb(uint8_t reason_code)
 }
 
 #ifndef ROAMING_SUPPORT
-static inline void esp_supplicant_common_init(struct wpa_funcs *wpa_cb)
+static inline int esp_supplicant_common_init(struct wpa_funcs *wpa_cb)
 {
 	wpa_cb->wpa_sta_rx_mgmt = NULL;
 	wpa_cb->wpa_sta_profile_match = NULL;
+
+	return 0;
 }
 static inline void esp_supplicant_common_deinit(void)
 {
@@ -270,7 +272,11 @@ int esp_supplicant_init(void)
     wpa_cb->wpa_config_done = wpa_config_done;
 
     esp_wifi_register_wpa3_cb(wpa_cb);
-    esp_supplicant_common_init(wpa_cb);
+    ret = esp_supplicant_common_init(wpa_cb);
+
+    if (ret != 0) {
+        return ret;
+    }
 
     esp_wifi_register_wpa_cb_internal(wpa_cb);
 

components/wpa_supplicant/esp_supplicant/src/esp_wps.c

@@ -516,15 +516,17 @@ wps_build_ic_appie_wps_pr(void)
                  0, NULL);
     }
 
-    if (wps_ie) {
-        if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) {
-            wpabuf_put_buf(extra_ie, wps_ie);
-        } else {
-            wpabuf_free(wps_ie);
-            return;
-        }
+    if (!wps_ie) {
+        return;
+    }
+
+    if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) {
+        wpabuf_put_buf(extra_ie, wps_ie);
+    } else {
         wpabuf_free(wps_ie);
+        return;
     }
+    wpabuf_free(wps_ie);
 
     esp_wifi_set_appie_internal(WIFI_APPIE_WPS_PR, (uint8_t *)wpabuf_head(extra_ie), extra_ie->used, 0);
     wpabuf_free(extra_ie);
@@ -629,7 +631,8 @@ int wps_send_eap_identity_rsp(u8 id)
     ret = esp_wifi_get_assoc_bssid_internal(bssid);
     if (ret != 0) {
         wpa_printf(MSG_ERROR, "bssid is empty!");
-        return ESP_FAIL;
+        ret = ESP_FAIL;
+        goto _err;
     }
 
     wpabuf_put_data(eap_buf, sm->identity, sm->identity_len);
@@ -964,13 +967,6 @@ int wps_finish(void)
     }
 
     if (sm->wps->state == WPS_FINISHED) {
-        wifi_config_t *config = (wifi_config_t *)os_zalloc(sizeof(wifi_config_t));
-
-        if (config == NULL) {
-            wifi_event_sta_wps_fail_reason_t reason_code = WPS_FAIL_REASON_NORMAL;
-            esp_event_send_internal(WIFI_EVENT, WIFI_EVENT_STA_WPS_ER_FAILED, &reason_code, sizeof(reason_code), portMAX_DELAY);
-            return ESP_FAIL;
-        }
 
         wpa_printf(MSG_DEBUG, "wps finished------>");
         wps_set_status(WPS_STATUS_SUCCESS);
@@ -979,6 +975,14 @@ int wps_finish(void)
         ets_timer_disarm(&sm->wps_msg_timeout_timer);
 
         if (sm->ap_cred_cnt == 1) {
+            wifi_config_t *config = (wifi_config_t *)os_zalloc(sizeof(wifi_config_t));
+
+            if (config == NULL) {
+                wifi_event_sta_wps_fail_reason_t reason_code = WPS_FAIL_REASON_NORMAL;
+                esp_event_send_internal(WIFI_EVENT, WIFI_EVENT_STA_WPS_ER_FAILED, &reason_code, sizeof(reason_code), portMAX_DELAY);
+                return ESP_FAIL;
+            }
+
             memset(config, 0x00, sizeof(wifi_sta_config_t));
             memcpy(config->sta.ssid, sm->ssid[0], sm->ssid_len[0]);
             memcpy(config->sta.password, sm->key[0], sm->key_len[0]);
@@ -1377,6 +1381,9 @@ int wps_dev_init(void)
     return ESP_OK;
 
 _out:
+    if (!dev) {
+        return ret;
+    }
     if (dev->manufacturer) {
         os_free(dev->manufacturer);
     }
@@ -1555,7 +1562,7 @@ wifi_station_wps_init(void)
 
     gWpsSm = (struct wps_sm *)os_zalloc(sizeof(struct wps_sm));   /* alloc Wps_sm */
     if (!gWpsSm) {
-        goto _err;
+        goto _out;
     }
 
     sm = gWpsSm;
@@ -1640,10 +1647,8 @@ _err:
         wps_deinit();
         sm->wps = NULL;
     }
-    if (sm) {
-        os_free(gWpsSm);
-        gWpsSm = NULL;
-    }
+    os_free(gWpsSm);
+    gWpsSm = NULL;
     return ESP_FAIL;
 _out:
     return ESP_FAIL;
@@ -1696,10 +1701,8 @@ wifi_station_wps_deinit(void)
         wps_deinit();
         sm->wps = NULL;
     }
-    if (sm) {
-        os_free(gWpsSm);
-        gWpsSm = NULL;
-    }
+    os_free(gWpsSm);
+    gWpsSm = NULL;
 
     return ESP_OK;
 }
@@ -1937,7 +1940,7 @@ int wps_task_init(void)
     }
 
     os_bzero(s_wps_sig_cnt, SIG_WPS_NUM);
-    s_wps_queue = xQueueCreate(SIG_WPS_NUM, sizeof( void * ) );
+    s_wps_queue = xQueueCreate(SIG_WPS_NUM, sizeof(s_wps_queue));
     if (!s_wps_queue) {
         wpa_printf(MSG_ERROR, "wps task init: failed to alloc queue");
         goto _wps_no_mem;

components/wpa_supplicant/include/utils/wpabuf.h

@@ -1,6 +1,6 @@
 /*
  * Dynamic data buffer
- * Copyright (c) 2007-2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2007-2012, Jouni Malinen <j@w1.fi>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -15,6 +15,9 @@
 #ifndef WPABUF_H
 #define WPABUF_H
 
+/* wpabuf::buf is a pointer to external data */
+#define WPABUF_FLAG_EXT_DATA BIT(0)
+
 /*
  * Internal data structure for wpabuf. Please do not touch this directly from
  * elsewhere. This is only defined in header file to allow inline functions
@@ -23,8 +26,8 @@
 struct wpabuf {
 	size_t size; /* total size of the allocated buffer */
 	size_t used; /* length of data in the buffer */
-	u8 *ext_data; /* pointer to external data; NULL if data follows
-		       * struct wpabuf */
+	u8 *buf; /* pointer to the head of the buffer */
+	unsigned int flags;
 	/* optionally followed by the allocated buffer */
 };
 
@@ -79,9 +82,7 @@ static inline size_t wpabuf_tailroom(const struct wpabuf *buf)
  */
 static inline const void * wpabuf_head(const struct wpabuf *buf)
 {
-	if (buf->ext_data)
-		return buf->ext_data;
-	return buf + 1;
+	return buf->buf;
 }
 
 static inline const u8 * wpabuf_head_u8(const struct wpabuf *buf)
@@ -96,9 +97,7 @@ static inline const u8 * wpabuf_head_u8(const struct wpabuf *buf)
  */
 static inline void * wpabuf_mhead(struct wpabuf *buf)
 {
-	if (buf->ext_data)
-		return buf->ext_data;
-	return buf + 1;
+	return buf->buf;
 }
 
 static inline u8 * wpabuf_mhead_u8(struct wpabuf *buf)
@@ -157,7 +156,8 @@ static inline void wpabuf_put_buf(struct wpabuf *dst,
 
 static inline void wpabuf_set(struct wpabuf *buf, const void *data, size_t len)
 {
-	buf->ext_data = (u8 *) data;
+	buf->buf = (u8 *) data;
+	buf->flags = WPABUF_FLAG_EXT_DATA;
 	buf->size = buf->used = len;
 }
 

components/wpa_supplicant/src/ap/wpa_auth.c

@@ -1585,7 +1585,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
     sm->pending_1_of_4_timeout = 0;
     eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
 
-    if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
+    if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && sm->PMK != pmk) {
         /* PSK may have changed from the previous choice, so update
          * state machine data based on whatever PSK was selected here.
          */

components/wpa_supplicant/src/ap/wpa_auth_ie.c

@@ -362,7 +362,7 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 			const u8 *wpa_ie, size_t wpa_ie_len/*,
 			const u8 *mdie, size_t mdie_len*/)
 {
-	struct wpa_ie_data data;
+	struct wpa_ie_data data = {0};
 	int ciphers, key_mgmt, res, version;
 	u32 selector;
 

components/wpa_supplicant/src/common/dpp.c

@@ -4670,6 +4670,7 @@ static struct crypto_key * dpp_parse_jwk(struct json_token *jwk,
 	struct wpabuf *x = NULL, *y = NULL, *a = NULL;
 	struct crypto_ec_group *group;
 	struct crypto_key *pkey = NULL;
+	size_t len;
 
 	token = json_get_member(jwk, "kty");
 	if (!token || token->type != JSON_STRING) {
@@ -4728,9 +4729,10 @@ static struct crypto_key * dpp_parse_jwk(struct json_token *jwk,
 		goto fail;
 	}
 
+	len = wpabuf_len(x);
 	a = wpabuf_concat(x, y);
 	pkey = crypto_ec_set_pubkey_point(group, wpabuf_head(a),
-					  wpabuf_len(x));
+					  len);
 	crypto_ec_deinit((struct crypto_ec *)group);
 	*key_curve = curve;
 
@@ -4969,10 +4971,8 @@ static void dpp_copy_netaccesskey(struct dpp_authentication *auth,
 	unsigned char *der = NULL;
 	int der_len;
 
-	crypto_ec_get_priv_key_der(auth->own_protocol_key, &der, &der_len);
-	if (der_len <= 0) {
+	if (crypto_ec_get_priv_key_der(auth->own_protocol_key, &der, &der_len) < 0)
 		return;
-	}
 	wpabuf_free(auth->net_access_key);
 	auth->net_access_key = wpabuf_alloc_copy(der, der_len);
 	crypto_free_buffer(der);

components/wpa_supplicant/src/common/mbo.c

@@ -552,17 +552,20 @@ void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
 	}
 
 	bss = os_malloc(sizeof(*bss));
+	if (!bss) {
+		wpa_printf(MSG_DEBUG,
+				"Failed to allocate memory for temp disallow BSS");
+		return;
+	}
+
 	esp_timer_create_args_t blacklist_timer_create = {
 		.callback = &wpa_bss_tmp_disallow_timeout,
 		.arg = bss,
 		.dispatch_method = ESP_TIMER_TASK,
 		.name = "blacklist_timeout_timer"
 	};
-	esp_timer_create(&blacklist_timer_create, &(bss->blacklist_timer));
-
-	if (!bss) {
-		wpa_printf(MSG_DEBUG,
-				"Failed to allocate memory for temp disallow BSS");
+	if (esp_timer_create(&blacklist_timer_create, &(bss->blacklist_timer)) != ESP_OK) {
+		os_free(bss);
 		return;
 	}
 

components/wpa_supplicant/src/common/sae.c

@@ -671,6 +671,7 @@ static int sae_derive_commit(struct sae_data *sae)
 			 * theoretical infinite loop, break out after 100
 			 * attemps.
 			 */
+			crypto_bignum_deinit(mask, 1);
 			return ESP_FAIL;
 		}
 

components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c

@@ -1,16 +1,8 @@
-// Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #ifdef ESP_PLATFORM
 #include "esp_system.h"
@@ -65,6 +57,7 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a,
                          u8 *buf, size_t buflen, size_t padlen)
 {
     int num_bytes, offset;
+    int ret;
 
     if (padlen > buflen) {
         return -1;
@@ -82,9 +75,11 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a,
     }
 
     os_memset(buf, 0, offset);
-    mbedtls_mpi_write_binary((mbedtls_mpi *) a, buf + offset, mbedtls_mpi_size((mbedtls_mpi *)a) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary((mbedtls_mpi *) a, buf + offset, mbedtls_mpi_size((mbedtls_mpi *)a)));
 
     return num_bytes + offset;
+cleanup:
+    return ret;
 }
 
 

components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c

@@ -1,16 +1,8 @@
-// Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #ifdef ESP_PLATFORM
 #include "esp_system.h"
@@ -217,6 +209,9 @@ struct crypto_ec_point *crypto_ec_point_from_bin(struct crypto_ec *e,
 	len = mbedtls_mpi_size(&e->group.P);
 
 	pt = os_zalloc(sizeof(mbedtls_ecp_point));
+	if (!pt) {
+		return NULL;
+	}
 	mbedtls_ecp_point_init(pt);
 
 	MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, val, len));
@@ -490,11 +485,15 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
 	mbedtls_pk_context *key = (mbedtls_pk_context *)crypto_alloc_key();
 
 	if (!key) {
-		wpa_printf(MSG_ERROR, "%s: memory allocation failed\n", __func__);
+		wpa_printf(MSG_ERROR, "%s: memory allocation failed", __func__);
 		return NULL;
 	}
 
 	point = (mbedtls_ecp_point *)crypto_ec_point_from_bin((struct crypto_ec *)group, buf);
+	if (!point) {
+		wpa_printf(MSG_ERROR, "%s: Point initialization failed", __func__);
+		goto fail;
+	}
 	if (crypto_ec_point_is_at_infinity((struct crypto_ec *)group, (struct crypto_ec_point *)point)) {
 		wpa_printf(MSG_ERROR, "Point is at infinity");
 		goto fail;
@@ -509,30 +508,14 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
 		wpa_printf(MSG_ERROR, "Invalid key");
 		goto fail;
 	}
-	mbedtls_ecp_keypair *ecp_key = malloc(sizeof (*ecp_key));
-	if (!ecp_key) {
-		wpa_printf(MSG_ERROR, "key allocation failed");
-		goto fail;
-	}
-
-	/* Init keypair */
-	mbedtls_ecp_keypair_init(ecp_key);
-	// TODO Is it needed? check?
-	MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&ecp_key->Q, point));
-
 	/* Assign values */
 	if( ( ret = mbedtls_pk_setup( key,
 					mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY) ) ) != 0 )
 		goto fail;
-
-	if (key->pk_ctx)
-		os_free(key->pk_ctx);
-	key->pk_ctx = ecp_key;
 	mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->Q, point);
 	mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->grp, MBEDTLS_ECP_DP_SECP256R1);
 
 	pkey = (struct crypto_key *)key;
-cleanup:
 	crypto_ec_point_deinit((struct crypto_ec_point *)point, 0);
 	return pkey;
 fail:
@@ -566,7 +549,7 @@ int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data,
 	char der_data[ECP_PRV_DER_MAX_BYTES];
 
 	*key_len = mbedtls_pk_write_key_der(pkey, (unsigned char *)der_data, ECP_PRV_DER_MAX_BYTES);
-	if (!*key_len)
+	if (*key_len <= 0)
 		return -1;
 
 	*key_data = os_malloc(*key_len);
@@ -599,12 +582,12 @@ int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len)
 	mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
 	unsigned char buf[MBEDTLS_MPI_MAX_SIZE + 10]; /* tag, length + MPI */
 	unsigned char *c = buf + sizeof(buf );
-	size_t pk_len = 0;
+	int pk_len = 0;
 
 	memset(buf, 0, sizeof(buf) );
 	pk_len = mbedtls_pk_write_pubkey( &c, buf, pkey);
 
-	if (!pk_len)
+	if (pk_len < 0)
 		return -1;
 
 	if (len == 0)

components/wpa_supplicant/src/crypto/crypto_mbedtls.c

@@ -1,17 +1,7 @@
-/**
- * Copyright 2020 Espressif Systems (Shanghai) PTE LTD
+/*
+ * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
  *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0
  */
 
 #ifdef ESP_PLATFORM
@@ -631,23 +621,16 @@ int crypto_mod_exp(const uint8_t *base, size_t base_len,
 	mbedtls_mpi_init(&bn_result);
 	mbedtls_mpi_init(&bn_rinv);
 
-	mbedtls_mpi_read_binary(&bn_base, base, base_len);
-	mbedtls_mpi_read_binary(&bn_exp, power, power_len);
-	mbedtls_mpi_read_binary(&bn_modulus, modulus, modulus_len);
+	MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&bn_base, base, base_len));
+	MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&bn_exp, power, power_len));
+	MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&bn_modulus, modulus, modulus_len));
 
-	ret = mbedtls_mpi_exp_mod(&bn_result, &bn_base, &bn_exp, &bn_modulus,
-				  &bn_rinv);
-	if (ret < 0) {
-		mbedtls_mpi_free(&bn_base);
-		mbedtls_mpi_free(&bn_exp);
-		mbedtls_mpi_free(&bn_modulus);
-		mbedtls_mpi_free(&bn_result);
-		mbedtls_mpi_free(&bn_rinv);
-		return ret;
-	}
+	MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&bn_result, &bn_base, &bn_exp, &bn_modulus,
+					    &bn_rinv));
 
 	ret = mbedtls_mpi_write_binary(&bn_result, result, *result_len);
 
+cleanup:
 	mbedtls_mpi_free(&bn_base);
 	mbedtls_mpi_free(&bn_exp);
 	mbedtls_mpi_free(&bn_modulus);

components/wpa_supplicant/src/crypto/tls_mbedtls.c

@@ -93,11 +93,8 @@ static int tls_mbedtls_write(void *ctx, const unsigned char *buf, size_t len)
 	struct tls_connection *conn = (struct tls_connection *)ctx;
 	struct tls_data *data = &conn->tls_io_data;
 
-	if (data->out_data) {
-		wpabuf_resize(&data->out_data, len);
-	} else {
-		data->out_data = wpabuf_alloc(len);
-	}
+	if (wpabuf_resize(&data->out_data, len) < 0)
+		return 0;
 
 	wpabuf_put_data(data->out_data, buf, len);
 
@@ -865,9 +862,8 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
 	int ret;
 	u8 seed[2 * TLS_RANDOM_LEN];
 	mbedtls_ssl_context *ssl = &conn->tls->ssl;
-	mbedtls_ssl_transform *transform = ssl->transform;
 
-	if (!ssl || !transform) {
+	if (!ssl || !ssl->transform) {
 		wpa_printf(MSG_ERROR, "TLS: %s, session ingo is null", __func__);
 		return -1;
 	}
@@ -886,10 +882,10 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
 	wpa_hexdump_key(MSG_MSGDUMP, "random", seed, 2 * TLS_RANDOM_LEN);
 	wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->session->master, TLS_MASTER_SECRET_LEN);
 
-	if (transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
+	if (ssl->transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
 		ret = tls_prf_sha384(ssl->session->master, TLS_MASTER_SECRET_LEN,
 				label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
-	} else if (transform->ciphersuite_info->mac == MBEDTLS_MD_SHA256) {
+	} else if (ssl->transform->ciphersuite_info->mac == MBEDTLS_MD_SHA256) {
 		ret = tls_prf_sha256(ssl->session->master, TLS_MASTER_SECRET_LEN,
 				label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
 	} else {

components/wpa_supplicant/src/rsn_supp/pmksa_cache.c

@@ -517,7 +517,10 @@ pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
             .dispatch_method = ESP_TIMER_TASK,
             .name = "pmksa_timeout_timer"
         };
-        esp_timer_create(&pmksa_cache_timeout_timer_create, &(pmksa->cache_timeout_timer));
+        if (esp_timer_create(&pmksa_cache_timeout_timer_create, &(pmksa->cache_timeout_timer)) != ESP_OK) {
+            os_free(pmksa);
+            pmksa = NULL;
+        }
     }
 
     return pmksa;

components/wpa_supplicant/src/rsn_supp/wpa.c

@@ -2258,10 +2258,12 @@ wpa_set_passphrase(char * passphrase, u8 *ssid, size_t ssid_len)
     if (esp_wifi_sta_get_reset_param_internal() != 0) {
         // check it's psk
         if (strlen((char *)esp_wifi_sta_get_prof_password_internal()) == 64) {
-            hexstr2bin((char *)esp_wifi_sta_get_prof_password_internal(), esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN);
+            if (hexstr2bin((char *)esp_wifi_sta_get_prof_password_internal(),
+                           esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN) != 0)
+                return;
         } else {
-        pbkdf2_sha1((char *)esp_wifi_sta_get_prof_password_internal(), sta_ssid->ssid, (size_t)sta_ssid->len,
-            4096, esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN);
+            pbkdf2_sha1((char *)esp_wifi_sta_get_prof_password_internal(), sta_ssid->ssid, (size_t)sta_ssid->len,
+                        4096, esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN);
         }
         esp_wifi_sta_update_ap_info_internal();
         esp_wifi_sta_set_reset_param_internal(0);

components/wpa_supplicant/src/utils/wpabuf.c

@@ -1,6 +1,6 @@
 /*
  * Dynamic data buffer
- * Copyright (c) 2007-2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2007-2012, Jouni Malinen <j@w1.fi>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -72,12 +72,12 @@ int wpabuf_resize(struct wpabuf **_buf, size_t add_len)
 
 	if (buf->used + add_len > buf->size) {
 		unsigned char *nbuf;
-		if (buf->ext_data) {
-			nbuf = (unsigned char*)os_realloc(buf->ext_data, buf->used + add_len);
+		if (buf->flags & WPABUF_FLAG_EXT_DATA) {
+			nbuf = os_realloc(buf->buf, buf->used + add_len);
 			if (nbuf == NULL)
 				return -1;
 			memset(nbuf + buf->used, 0, add_len);
-			buf->ext_data = nbuf;
+			buf->buf = nbuf;
 		} else {
 #ifdef WPA_TRACE
 			nbuf = os_realloc(trace, sizeof(struct wpabuf_trace) +
@@ -99,6 +99,7 @@ int wpabuf_resize(struct wpabuf **_buf, size_t add_len)
 			memset(nbuf + sizeof(struct wpabuf) + buf->used, 0,
 				  add_len);
 #endif /* WPA_TRACE */
+			buf->buf = (u8 *) (buf + 1);
 			*_buf = buf;
 		}
 		buf->size = buf->used + add_len;
@@ -130,6 +131,7 @@ struct wpabuf * wpabuf_alloc(size_t len)
 #endif /* WPA_TRACE */
 
 	buf->size = len;
+	buf->buf = (u8 *) (buf + 1);
 	return buf;
 }
 
@@ -151,7 +153,8 @@ struct wpabuf * wpabuf_alloc_ext_data(u8 *data, size_t len)
 
 	buf->size = len;
 	buf->used = len;
-	buf->ext_data = data;
+	buf->buf = data;
+	buf->flags |= WPABUF_FLAG_EXT_DATA;
 
 	return buf;
 }
@@ -191,12 +194,14 @@ void wpabuf_free(struct wpabuf *buf)
 			   trace->magic);
 		abort();
 	}
-	os_free(buf->ext_data);
+	if (buf->flags & WPABUF_FLAG_EXT_DATA)
+		os_free(buf->buf);
 	os_free(trace);
 #else /* WPA_TRACE */
 	if (buf == NULL)
 		return;
-	os_free(buf->ext_data);
+	if (buf->flags & WPABUF_FLAG_EXT_DATA)
+		os_free(buf->buf);
 	os_free(buf);
 #endif /* WPA_TRACE */
 }

components/wpa_supplicant/src/wps/wps_registrar.c

@@ -1652,7 +1652,7 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
 		os_memcpy(wps->cred.key, wps->new_psk, wps->new_psk_len);	// NOLINT(clang-analyzer-unix.Malloc)
 		wps->cred.key_len = wps->new_psk_len;
 	} else if (wps->use_psk_key && wps->wps->psk_set) {
-		char hex[65];
+		char hex[65] = {0};
 		wpa_printf(MSG_DEBUG,  "WPS: Use PSK format for Network Key");
 		os_memcpy(wps->cred.key, hex, 32 * 2);
 		wps->cred.key_len = 32 * 2;

components/wpa_supplicant/test/test_sae.c

@@ -1,16 +1,8 @@
-// Copyright 2015-2018 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #ifdef CONFIG_WPA3_SAE
 
@@ -36,6 +28,7 @@ static struct wpabuf *wpabuf_alloc2(size_t len)
     if (buf == NULL)
         return NULL;
     buf->size = len;
+    buf->buf = (u8 *) (buf + 1);
     return buf;
 }
 
@@ -47,7 +40,6 @@ void wpabuf_free2(struct wpabuf *buf)
 {
     if (buf == NULL)
         return;
-    os_free(buf->ext_data);
     os_free(buf);
 }
 

tools/ci/check_copyright_ignore.txt

@@ -837,7 +837,6 @@ components/esp_wifi/include/smartconfig_ack.h
 components/esp_wifi/src/lib_printf.c
 components/esp_wifi/src/mesh_event.c
 components/esp_wifi/src/smartconfig.c
-components/esp_wifi/src/smartconfig_ack.c
 components/esp_wifi/test/test_wifi_init.c
 components/espcoredump/corefile/__init__.py
 components/espcoredump/corefile/_parse_soc_header.py
@@ -2289,7 +2288,6 @@ components/wpa_supplicant/esp_supplicant/include/esp_dpp.h
 components/wpa_supplicant/esp_supplicant/include/esp_rrm.h
 components/wpa_supplicant/esp_supplicant/include/esp_wpa.h
 components/wpa_supplicant/esp_supplicant/include/esp_wps.h
-components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
 components/wpa_supplicant/esp_supplicant/src/esp_dpp_i.h
 components/wpa_supplicant/esp_supplicant/src/esp_scan_i.h
 components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
@@ -2359,10 +2357,7 @@ components/wpa_supplicant/src/crypto/crypto_internal-cipher.c
 components/wpa_supplicant/src/crypto/crypto_internal-modexp.c
 components/wpa_supplicant/src/crypto/crypto_internal-rsa.c
 components/wpa_supplicant/src/crypto/crypto_internal.c
-components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c
-components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c
 components/wpa_supplicant/src/crypto/crypto_mbedtls-rsa.c
-components/wpa_supplicant/src/crypto/crypto_mbedtls.c
 components/wpa_supplicant/src/crypto/des-internal.c
 components/wpa_supplicant/src/crypto/des_i.h
 components/wpa_supplicant/src/crypto/dh_group5.c
@@ -2498,7 +2493,6 @@ components/wpa_supplicant/src/wps/wps_registrar.c
 components/wpa_supplicant/src/wps/wps_validate.c
 components/wpa_supplicant/test/test_crypto.c
 components/wpa_supplicant/test/test_dpp.c
-components/wpa_supplicant/test/test_sae.c
 components/xtensa/eri.c
 components/xtensa/esp32/include/xtensa/config/core-isa.h
 components/xtensa/esp32/include/xtensa/config/core-matmap.h