From 236fa500c78bc13ed3566806e22d592caded7f2d Mon Sep 17 00:00:00 2001
From: aditi_lonkar <aditi.lonkar@espressif.com>
Date: Mon, 25 Sep 2023 15:10:15 +0530
Subject: [PATCH] fix(wpa_supplicant): Fix few dpp bugs

  1) Fix crash in dpp Listen without bootstrap
  2) Fix crash on receiving dpp auth_req from hostapd with dpp akm
---
 .../wpa_supplicant/esp_supplicant/src/esp_dpp.c |  6 +++++-
 components/wpa_supplicant/src/common/dpp.c      | 17 ++++++++++-------
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
index 72de734c8be1..d1e7256be6f0 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -379,6 +379,10 @@ static void esp_dpp_task(void *pvParameters )
                 static int counter;
                 int channel;
 
+                if (p->num_chan <= 0) {
+                    wpa_printf(MSG_ERROR, "Listen channel not set");
+                    break;
+                }
                 channel = p->chan_list[counter++ % p->num_chan];
                 esp_wifi_remain_on_channel(WIFI_IF_STA, WIFI_ROC_REQ, channel,
                                            BOOTSTRAP_ROC_WAIT_TIME, s_action_rx_cb);
diff --git a/components/wpa_supplicant/src/common/dpp.c b/components/wpa_supplicant/src/common/dpp.c
index a2f075b9f783..9d3507ad3a72 100644
--- a/components/wpa_supplicant/src/common/dpp.c
+++ b/components/wpa_supplicant/src/common/dpp.c
@@ -43,7 +43,7 @@ struct dpp_global {
 static const struct dpp_curve_params dpp_curves[] = {
 	/* The mandatory to support and the default NIST P-256 curve needs to
 	 * be the first entry on this list. */
-	{ "sec256r1", 32, 32, 16, 32, "P-256", 19, "ES256" },
+	{ "secp256r1", 32, 32, 16, 32, "P-256", 19, "ES256" },
 	{ "secp384r1", 48, 48, 24, 48, "P-384", 20, "ES384" },
 	{ "secp521r1", 64, 64, 32, 66, "P-521", 21, "ES512" },
 	{ "brainpoolP256r1", 32, 32, 16, 32, "BP-256", 28, "BS256" },
@@ -4669,7 +4669,8 @@ static struct crypto_key * dpp_parse_jwk(struct json_token *jwk,
 {
 	struct json_token *token;
 	const struct dpp_curve_params *curve;
-	struct wpabuf *x = NULL, *y = NULL, *a = NULL;
+	struct wpabuf *x = NULL, *y = NULL;
+	unsigned char *a = NULL;
 	struct crypto_ec_group *group;
 	struct crypto_key *pkey = NULL;
 	size_t len;
@@ -4731,17 +4732,19 @@ static struct crypto_key * dpp_parse_jwk(struct json_token *jwk,
 		goto fail;
 	}
 
-	len = wpabuf_len(x);
-	a = wpabuf_concat(x, y);
-	pkey = crypto_ec_set_pubkey_point(group, wpabuf_head(a),
-					  len);
+	len = wpabuf_len(x) + wpabuf_len(y);
+	a = os_zalloc(len);
+	os_memcpy(a, wpabuf_head(x), wpabuf_len(x));
+	os_memcpy(a + wpabuf_len(x), wpabuf_head(y), wpabuf_len(y));
+	pkey = crypto_ec_set_pubkey_point(group, a, len);
+
 	crypto_ec_deinit((struct crypto_ec *)group);
 	*key_curve = curve;
 
 fail:
-	wpabuf_free(a);
 	wpabuf_free(x);
 	wpabuf_free(y);
+	os_free(a);
 
 	return pkey;
 }