WiFi: STA connection / disconnection event handler incorrectly copies ssid from the SDK struct #7929

Closed
6 tasks done
mcspr opened this issue Mar 17, 2021 · 0 comments
Collaborator

mcspr commented Mar 17, 2021

Basic Infos

  • This issue complies with the issue POLICY doc.
  • I have read the documentation at readthedocs and the issue is not addressed there.
  • I have tested that the issue is present in current master branch (aka latest git).
  • I have searched the issue tracker for a similar issue.
  • If there is a stack dump, I have decoded it.
  • I have filled out all fields below.

Platform

  • Hardware: any
  • Core Version: 1b922ed
  • Development Env: any
  • Operating System: any

Problem Description

Something I noticed while looking at the event handler:

auto& src = e->event_info.connected;
WiFiEventStationModeConnected dst;
dst.ssid = String(reinterpret_cast<char*>(src.ssid));

auto& src = e->event_info.disconnected;
WiFiEventStationModeDisconnected dst;
dst.ssid = String(reinterpret_cast<char*>(src.ssid));

It is assumed that the pointer could be used as-is via a simple char* cast.

typedef struct {
    uint8 ssid[32];
    uint8 ssid_len;
    uint8 bssid[6];
    uint8 channel;
} Event_StaMode_Connected_t;

typedef struct {
    uint8 ssid[32];
    uint8 ssid_len;
    uint8 bssid[6];
    uint8 reason;
} Event_StaMode_Disconnected_t;

This is not true from the SDK side; it is a byte string with a separate length field.

Adding this as an issue, since I also wanted to go over other possible user_interface.h structs with ssid + ssid_len appearances before sending the patch.

MCVE Sketch

Small example showing ssid.length() of 33 instead of the expected 32, because we read 0x20 aka ssid_len=32 plus the first 00 of the zeroed-out bssid[6].

#include <Arduino.h>
#include <ESP8266WiFi.h>

const char ssid[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; // strlen(ssid) == 32
const char pass[] = "whatever";

void setup() {
    Serial.begin(115200);
    Serial.println("trying to connect");

    static auto disconnected = WiFi.onStationModeDisconnected([](const auto& result) {
        Serial.println("onDisconnected");
        Serial.println(result.ssid);
        Serial.printf("len=%u\n", result.ssid.length());
        Serial.printf("ssid[-1]=%02X\n", result.ssid[result.ssid.length() - 1]);
        Serial.printf("reason=%d\n", static_cast<int>(result.reason));
    });

    WiFi.persistent(false);
    WiFi.begin(ssid, pass);
    if (WL_CONNECTED != WiFi.waitForConnectResult()) {
        Serial.println("wifi err");
        abort();
    }
}

void loop() {
}

Debug Messages

trying to connect
onDisconnected
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
len=33
ssid[-1]=20
reason=201
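
A host-side reproduction of the report above, added here as an example and not taken from the issue or the project's eventual patch. It assumes `std::string` in place of the Arduino `String`; the function names `ssid_by_cast`, `ssid_by_len` and `make_full_ssid_event` are hypothetical. It contrasts the NUL-terminated read with a copy bounded by `ssid_len`:

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

// Same layout as the SDK struct quoted in the issue (uint8 spelled uint8_t here).
struct Event_StaMode_Disconnected_t {
    uint8_t ssid[32];
    uint8_t ssid_len;
    uint8_t bssid[6];
    uint8_t reason;
};

// What String(reinterpret_cast<char*>(src.ssid)) effectively does: scan for a
// NUL starting at ssid. The scan runs over a byte copy of the whole struct so
// this demo never reads outside the object.
std::string ssid_by_cast(const Event_StaMode_Disconnected_t& src) {
    unsigned char raw[sizeof(src)];
    std::memcpy(raw, &src, sizeof(src));
    const void* nul = std::memchr(raw, 0, sizeof(raw));
    std::size_t n = nul
        ? static_cast<std::size_t>(static_cast<const unsigned char*>(nul) - raw)
        : sizeof(raw);
    return std::string(reinterpret_cast<const char*>(raw), n);
}

// Length-aware copy: take exactly ssid_len bytes, clamped to the array size
// in case the length field is ever out of range.
std::string ssid_by_len(const Event_StaMode_Disconnected_t& src) {
    std::size_t n = std::min<std::size_t>(src.ssid_len, sizeof(src.ssid));
    return std::string(reinterpret_cast<const char*>(src.ssid), n);
}

// Constructed event matching the MCVE: 32-byte SSID, zeroed bssid, reason 201.
Event_StaMode_Disconnected_t make_full_ssid_event() {
    Event_StaMode_Disconnected_t e{};
    std::memset(e.ssid, 'a', sizeof(e.ssid));
    e.ssid_len = 32;
    e.reason = 201;
    return e;
}

int main() {
    const auto e = make_full_ssid_event();
    std::printf("cast:     len=%zu\n", ssid_by_cast(e).size());
    std::printf("ssid_len: len=%zu\n", ssid_by_len(e).size());
}
```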