drivers/wifi/espat: Invalid parameter checks lead to system crashes #81804

Open
hongquan-prog opened this issue Nov 23, 2024 · 0 comments · May be fixed by #81806
Labels
bug The issue is a bug, or the PR is fixing a bug

Comments

@hongquan-prog (Contributor) commented Nov 23, 2024

Describe the bug
If the system enables the ESP_AT_CIPDINFO_USE option, the host side may
receive some invalid IPD information when it reboots (the esp32 has not been
restarted). At this time, because the system has just booted up, the link id
in the IPD does not exist on the host side, and it will execute the following
code; but because the return value checking logic is incorrect, it continues
to use the null pointer, causing the system to crash.

static int cmd_ipd_parse_hdr(struct esp_data *dev,
			     struct esp_socket **sock,
			     struct net_buf *buf, uint16_t len,
			     int *data_offset, long *data_len)
{
	char ipd_buf[MAX_IPD_LEN + 1];
	char *str;
	char *str_end;
	long link_id;
	size_t frags_len;
	size_t match_len;
	int err;

	......

	/* sock is the caller's pointer-to-pointer and is never NULL; the
	 * lookup result that can be NULL is *sock, so this check never fires
	 * and the NULL socket is used further down. */
	*sock = esp_socket_ref_from_link_id(dev, link_id);
	if (!sock) {
		LOG_ERR("No socket for link %ld", link_id);
		return str - ipd_buf;
	}

	......

socket_unref:
	esp_socket_unref(*sock);

	return err;
}

Expected behavior
The system is booting up normally.

Impact
Until the host side restarts the esp32, the host side may receive some IPD messages that cause the system to crash.

Environment (please complete the following information):

  • OS: MacOS
  • Toolchain: zephyr-sdk-0.16.4
  • Latest main branch
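As an added illustration (an editor's example, not code from the issue, the fix PR or the Zephyr driver), the block below mirrors the shape of cmd_ipd_parse_hdr: a socket lookup through a pointer-to-pointer argument, the guard that has to test `*sock` rather than `sock`, and a parser for the `+IPD,<link>,<len>[,<remote ip>,<remote port>]:` header, where the optional pair is the extra information that CIPDINFO turns on. The structures, the `ref_from_link_id` lookup, the `-ENOTCONN` return for an unknown link and the sample headers in the scenario are all constructed for this example; the real driver's structures and return conventions differ.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the driver state; not Zephyr's real structures. */
#define MAX_LINKS 5
#define MAX_IP_LEN 15                       /* "255.255.255.255" */

struct esp_socket { int refcount; };
struct esp_data {
	struct esp_socket socks[MAX_LINKS];
	bool bound[MAX_LINKS];              /* host has a socket on this link? */
};

/* Look up the host-side socket for a link id and take a reference.  NULL
 * means the host never opened that link, which is the situation after the
 * host soft-rebooted while the ESP32 kept its old connections. */
static struct esp_socket *ref_from_link_id(struct esp_data *dev, long link_id)
{
	if (link_id < 0 || link_id >= MAX_LINKS || !dev->bound[link_id])
		return NULL;
	dev->socks[link_id].refcount++;
	return &dev->socks[link_id];
}

static void sock_unref(struct esp_socket *s) { if (s) s->refcount--; }

/* The two guards side by side, with the issue's pointer-to-pointer shape:
 * `!sock` tests the address of the caller's variable, which is never NULL,
 * so a stale link slips through; `!*sock` tests the lookup result. */
static bool guard_as_written(struct esp_socket **sock) { return !sock; }
static bool guard_fixed(struct esp_socket **sock) { return !*sock; }

/* Parse "+IPD,<link>,<len>[,<remote ip>,<remote port>]:" (the optional pair
 * is what CIPDINFO adds).  Returns 0 with a referenced socket in *sock, or a
 * negative errno with *sock == NULL and no reference held.  -ENOTCONN for an
 * unknown link is this example's convention, not the driver's. */
static int ipd_parse_hdr(struct esp_data *dev, struct esp_socket **sock,
			 const char *hdr, long *data_len)
{
	const char *str;
	char *end;
	long link_id, port;

	*sock = NULL;
	if (strncmp(hdr, "+IPD,", 5) != 0)
		return -EBADMSG;
	str = hdr + 5;
	link_id = strtol(str, &end, 10);
	if (end == str || *end != ',')
		return -EBADMSG;

	*sock = ref_from_link_id(dev, link_id);
	if (guard_fixed(sock))              /* the issue's code tested `!sock` */
		return -ENOTCONN;

	str = end + 1;
	*data_len = strtol(str, &end, 10);
	if (end == str || *data_len < 0)
		goto bad;
	if (*end == ',') {                  /* CIPDINFO: ",<ip>,<port>" */
		str = end + 1;
		end = strchr(str, ',');
		if (!end || end - str < 7 || end - str > MAX_IP_LEN)
			goto bad;
		str = end + 1;
		port = strtol(str, &end, 10);
		if (end == str || port < 0 || port > 65535)
			goto bad;
	}
	if (*end != ':')
		goto bad;
	return 0;

bad:
	sock_unref(*sock);                  /* drop the reference on every error path */
	*sock = NULL;
	return -EBADMSG;
}

/* 1 when the check as written misses a NULL lookup result that the fix catches. */
static int guard_demo(void)
{
	struct esp_socket *found = NULL;    /* lookup result for a stale link */
	return !guard_as_written(&found) && guard_fixed(&found);
}

/* Constructed scenario: the rebooted host has only link 0 bound.  Returns the
 * parsed payload length, a negative errno, or -EINVAL if a reference leaked. */
static long parse_raw(const char *hdr)
{
	struct esp_data dev = { .bound = { true } };
	struct esp_socket *sock;
	long data_len = 0, ret;
	int err = ipd_parse_hdr(&dev, &sock, hdr, &data_len);

	if (err)
		return err;
	/* Dereferencing sock is safe only because the guard tested *sock. */
	ret = (sock == &dev.socks[0] && sock->refcount == 1) ? data_len : -EINVAL;
	sock_unref(sock);
	return dev.socks[0].refcount == 0 ? ret : -EINVAL;
}
```

The point the scenario makes is that after the host reboots, an IPD for any link other than the one it has re-bound must come back as an error before the socket is touched; with the check as written, `parse_raw("+IPD,3,12:")` would reach the dereference with a NULL socket instead of returning -ENOTCONN. The explicit unref on the `bad:` path matters too: once the guard fires correctly, the remaining error paths still hold a reference that must be released.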
@hongquan-prog hongquan-prog added the bug The issue is a bug, or the PR is fixing a bug label Nov 23, 2024
hongquan-prog added a commit to hongquan-prog/zephyr that referenced this issue Nov 23, 2024
The code for checking the null pointer is incorrect:
with ESP_AT_CIPDINFO_USE turned on, after a soft reboot
of the host and before a reboot of the ESP32, the host may
receive an incorrect IPD message, causing a system crash.

Fixes zephyrproject-rtos#81804

Signed-off-by: Hongquan Li <[email protected]>