wpa_supplicant: Fix some memleaks and invalid memory access

Add changes to fix issues reported in clang analyzer

Author: kapilkedawat

components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c

@@ -759,6 +759,7 @@ static int eap_peer_sm_init(void)
     if (ret) {
         wpa_printf(MSG_ERROR, "eap_peer_blob_init failed\n");
         os_free(sm);
+        vSemaphoreDelete(s_wpa2_data_lock);
         return ESP_FAIL;
     }
 
@@ -767,6 +768,7 @@ static int eap_peer_sm_init(void)
         wpa_printf(MSG_ERROR, "eap_peer_config_init failed\n");
         eap_peer_blob_deinit(sm);
         os_free(sm);
+        vSemaphoreDelete(s_wpa2_data_lock);
         return ESP_FAIL;
     }
 
@@ -777,6 +779,7 @@ static int eap_peer_sm_init(void)
         eap_peer_blob_deinit(sm);
         eap_peer_config_deinit(sm);
         os_free(sm);
+        vSemaphoreDelete(s_wpa2_data_lock);
         return ESP_FAIL;
     }
 
@@ -788,6 +791,12 @@ static int eap_peer_sm_init(void)
     xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, s_wpa2_task_hdl);
     s_wifi_wpa2_sync_sem = xSemaphoreCreateCounting(1, 0);
     if (!s_wifi_wpa2_sync_sem) {
+        vQueueDelete(s_wpa2_queue);
+        s_wpa2_queue = NULL;
+        eap_peer_blob_deinit(sm);
+        eap_peer_config_deinit(sm);
+        os_free(sm);
+        vSemaphoreDelete(s_wpa2_data_lock);
         wpa_printf(MSG_ERROR, "WPA2: failed create wifi wpa2 task sync sem");
         return ESP_FAIL;
     }

components/wpa_supplicant/src/wps/wps.c

@@ -260,42 +260,40 @@ int wps_is_addr_authorized(const struct wpabuf *msg, const u8 *addr,
  * provisioning, -1 if wps_a is considered more like, or 0 if no preference
  */
 int wps_ap_priority_compar(const struct wpabuf *wps_a,
-               const struct wpabuf *wps_b)
+                           const struct wpabuf *wps_b)
 {
-    struct wps_parse_attr *attr_a, *attr_b;
+    struct wps_parse_attr *attr = NULL;
     int sel_a, sel_b;
-    int ret = 0;
+    int ret = 0; /* No preference */
 
-    attr_a = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
-    attr_b = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
+    attr = os_zalloc(sizeof(*attr));
 
-    if (attr_a == NULL || attr_b == NULL) {
-        ret = 0;
-        goto _out;
-    }
+    if (!attr)
+	    return ret;
 
-    if (wps_a == NULL || wps_parse_msg(wps_a, attr_a) < 0)
-        return 1;   // NOLINT(clang-analyzer-unix.Malloc)
-    if (wps_b == NULL || wps_parse_msg(wps_b, attr_b) < 0)
-        return -1;
+    if (wps_a == NULL || wps_parse_msg(wps_a, attr) < 0) {
+        ret = 1;
+        goto exit;
+    }
+    sel_a = attr->selected_registrar && *(attr->selected_registrar) != 0;
 
-    sel_a = attr_a->selected_registrar && *attr_a->selected_registrar != 0;
-    sel_b = attr_b->selected_registrar && *attr_b->selected_registrar != 0;
+    if (wps_b == NULL || wps_parse_msg(wps_b, attr) < 0) {
+        ret = -1;
+        goto exit;
+    }
+    sel_b = attr->selected_registrar && *(attr->selected_registrar) != 0;
 
     if (sel_a && !sel_b) {
         ret = -1;
-        goto _out;
+        goto exit;
     }
     if (!sel_a && sel_b) {
         ret = 1;
-        goto _out;
+        goto exit;
     }
 
-_out:
-    if (attr_a)
-        os_free(attr_a);
-    if (attr_b)
-        os_free(attr_b);
+exit:
+    os_free(attr);
     return ret;
 }
 

components/wpa_supplicant/src/wps/wps_registrar.c

@@ -1640,6 +1640,7 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
 		if (random_get_bytes(r, sizeof(r)) < 0)
 			return -1;
 		os_free(wps->new_psk);
+		wps->new_psk = (u8 *)base64_encode(r, sizeof(r), &wps->new_psk_len);
 		if (wps->new_psk == NULL)
 			return -1;
 		wps->new_psk_len--; /* remove newline */