WiFi: STA connection / disconnection event handler incorrectly copies ssid from the SDK struct #7929

Closed
@mcspr

Basic Infos

  • This issue complies with the issue POLICY doc.
  • I have read the documentation at readthedocs and the issue is not addressed there.
  • I have tested that the issue is present in current master branch (aka latest git).
  • I have searched the issue tracker for a similar issue.
  • If there is a stack dump, I have decoded it.
  • I have filled out all fields below.

Platform

  • Hardware: any
  • Core Version: 1b922ed
  • Development Env: any
  • Operating System: any

Problem Description

Something I noticed while looking at the event handler:

auto& src = e->event_info.connected;
WiFiEventStationModeConnected dst;
dst.ssid = String(reinterpret_cast<char*>(src.ssid));

auto& src = e->event_info.disconnected;
WiFiEventStationModeDisconnected dst;
dst.ssid = String(reinterpret_cast<char*>(src.ssid));

It is assumed that the pointer could be used as-is via a simple char* cast.

typedef struct {
    uint8 ssid[32];
    uint8 ssid_len;
    uint8 bssid[6];
    uint8 channel;
} Event_StaMode_Connected_t;

typedef struct {
    uint8 ssid[32];
    uint8 ssid_len;
    uint8 bssid[6];
    uint8 reason;
} Event_StaMode_Disconnected_t;

That is not true on the SDK side, though: it is a byte string with a separate length field.

Adding this as an issue, since I also wanted to go over other possible user_interface.h structs with ssid + ssid_len appearances before sending the patch.

MCVE Sketch

Small example showing ssid.length() of 33 instead of the expected 32, because we read 0x20 (aka ssid_len=32) plus the first 00 of the zeroed-out bssid[6].

#include <Arduino.h>
#include <ESP8266WiFi.h>

const char ssid[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; // strlen(ssid) == 32
const char pass[] = "whatever";

void setup() {
    Serial.begin(115200);
    Serial.println("trying to connect");

    static auto disconnected = WiFi.onStationModeDisconnected([](const auto& result) {
        Serial.println("onDisconnected");
        Serial.println(result.ssid);
        Serial.printf("len=%u\n", result.ssid.length());
        Serial.printf("ssid[-1]=%02X\n", result.ssid[result.ssid.length() - 1]);
        Serial.printf("reason=%d\n", static_cast<int>(result.reason));
    });

    WiFi.persistent(false);
    WiFi.begin(ssid, pass);
    if (WL_CONNECTED != WiFi.waitForConnectResult()) {
        Serial.println("wifi err");
        abort();
    }
}

void loop() {
}

Debug Messages

trying to connect
onDisconnected
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
len=33
ssid[-1]=20
reason=201
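
The over-read reported above, reproduced on a host next to a length-bounded copy. This is an added example, not code from the issue or from the ESP8266 core; StaDisconnected, make_event, ssid_as_cstring and ssid_bounded are hypothetical names, and the event contents are constructed.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

// Same field layout as the SDK's Event_StaMode_Disconnected_t quoted above.
struct StaDisconnected {
    uint8_t ssid[32];
    uint8_t ssid_len;
    uint8_t bssid[6];
    uint8_t reason;
};

// Constructed sample event: SSID bytes are stored without a terminator.
StaDisconnected make_event(const char* name, uint8_t reason) {
    StaDisconnected ev{};  // bssid stays zeroed, as in the report
    std::size_t n = std::min(std::strlen(name), sizeof(ev.ssid));
    std::memcpy(ev.ssid, name, n);
    ev.ssid_len = static_cast<uint8_t>(n);
    ev.reason = reason;
    return ev;
}

// Pattern from the issue: scan from ssid[0] until the first zero byte.
// The struct bytes are copied into a buffer with a guard terminator so the
// host demo stays well-defined; on the device nothing bounds the scan.
std::string ssid_as_cstring(const StaDisconnected& ev) {
    char raw[sizeof(StaDisconnected) + 1] = {};
    std::memcpy(raw, &ev, sizeof(StaDisconnected));
    return std::string(raw);
}

// Length-bounded copy: use ssid_len, clamped to the size of ssid[].
std::string ssid_bounded(const StaDisconnected& ev) {
    std::size_t n = std::min<std::size_t>(ev.ssid_len, sizeof(ev.ssid));
    return std::string(reinterpret_cast<const char*>(ev.ssid), n);
}

int main() {
    StaDisconnected ev = make_event("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 201);
    std::printf("cstring len=%zu last=%02X\n", ssid_as_cstring(ev).size(),
                static_cast<unsigned>(ssid_as_cstring(ev).back()));
    std::printf("bounded len=%zu\n", ssid_bounded(ev).size());
    return 0;
}
```

An SSID shorter than 32 bytes hides the problem because the zero-filled tail of ssid[] acts as a terminator, so only a full-length SSID exposes the difference.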
