[TW#18499] Heap corruption when trying to connect to WAP2-Enterprise AP #1569

itc-jalonso · 2018-01-31T11:59:27Z

I'm facing a heap corruption problem when trying to connect to a WPA2-Enterprise that uses a Radius server in "esp-idf v3.1-dev-282-g5b1f869-dirty".

The issue only appears when "Heap corruption detection" is configured as "Comprehensive" and does not appear when connecting to any WPA2 AP without Radius authentication (whatever the "Heap corruption detection" configuration is).

Following is the logged data:

I (11750) wifi: mode : sta (xx:xx:xx:xx:xx:xx)
I (12478) wifi: n:6 2, o:1 0, ap:255 255, sta:6 2, prof:1
I (13137) wifi: state: init -> auth (b0)
I (13140) wifi: state: auth -> assoc (0)
I (13146) wifi: state: assoc -> run (10)
I (13147) wpa: wpa2_task prio:2, stack:6656

I (13346) wpa: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
I (13355) wpa: >>>>>wpa2 FINISH

I (13367) wpa: wpa2 task delete

CORRUPT HEAP: Invalid data at 0x3ffdbe3c. Expected 0xfefefefe got 0xfefefefd
CORRUPT HEAP: Invalid data at 0x3ffdbe48. Expected 0xfefefefe got 0x3ffdbe44
CORRUPT HEAP: Invalid data at 0x3ffdbe4c. Expected 0xfefefefe got 0x3ffdbe44
assertion "verify_fill_pattern(data, size, true, true, true)" failed: file "/home/user/esp32/esp-idf/components/heap/./multi_heap_poisoning.c", line 185, function: multi_heap_malloc
abort() was called at PC 0x401314e3 on core 0

Backtrace: 0x40088afc:0x3ffcf000 0x40088c97:0x3ffcf020 0x401314e3:0x3ffcf040 0x40088779:0x3ffcf070 0x400828b8:0x3ffcf090 0x400828e9:0x3ffcf0b0 0x40083109:0x3ffcf0d0 0x400832e9:0x3ffcf150 0x40084825:0x3ffcf170 0x400f4db6:0x3ffcf190 0x400f2f2a:0x3ffcf1d0 0x400f425e:0x3ffcf210 0x400e8f02:0x3ffcf2a0 0x400eb1f5:0x3ffcf2d0

CPU halted.


0x40088afc: invoke_abort at /home/user/esp32/esp-idf/components/esp32/./panic.c:648
0x40088c97: abort at /home/user/esp32/esp-idf/components/esp32/./panic.c:648
0x401314e3: __assert_func at /Users/ivan/e/newlib_xtensa-2.2.0-bin/newlib_xtensa-2.2.0/xtensa-esp32-elf/newlib/libc/stdlib/../../../.././newlib/libc/stdlib/assert.c:63 (discriminator 8)
0x40088779: multi_heap_malloc at /home/user/esp32/esp-idf/components/heap/./multi_heap_poisoning.c:353
0x400828b8: heap_caps_malloc at /home/user/esp32/esp-idf/components/heap/./heap_caps.c:136
0x400828e9: heap_caps_malloc_default at /home/user/esp32/esp-idf/components/heap/./heap_caps.c:136
0x40083109: trace_malloc at /home/user/esp32/esp-idf/components/heap/./heap_trace.c:324
0x400832e9: __wrap_malloc at /home/user/esp32/esp-idf/components/heap/./heap_trace.c:392
0x40084825: wifi_malloc at /home/user/esp32/esp-idf/components/esp32/./wifi_internal.c:28
0x400f4db6: ppInstallKey at ??:?
0x400f2f2a: wpa_parse_kde_ies at ??:?
0x400f425e: eapol_txcb at ??:?
0x400e8f02: ppProcTxDone at ??:?
0x400eb1f5: ppTask at ??:?

The text was updated successfully, but these errors were encountered:

itc-jalonso · 2018-02-01T06:10:31Z

Issue also happens with latest commit: "esp-idf v3.1-dev-304-gd8c8050-dirty".

ghost · 2018-04-30T12:24:09Z

This problem can easily be reproduced with wpa2_enterprise example code and an AP running hostapd.
Certs/keys from example code and default ssid, username etc are used.

Attaching hostapd.conf used.

hostapd_conf.tar.gz

Backport following bug fixes to v3.1: 1. Bug fix of may connect to wrong AP in all channel scan 2. Station state machine change and fix ap loss 3. Add compatible to ccmp encryption 4. Update libphy.a to v3960: 4.1 Decrease phy_init time from 900us to 347us in sleep wakeup 4.2 Fix RX STBC initialization 4.3 Modify set_chan function to fix interrupt watchdog issue 5. Fix several wpa2 enterprise issues 5.1 Fix heap corrupted bug 5.2 Fix memory leak bug 5.3 Make wpa2 enterprise thread-safe Closes #1569 6. Bugfix of coex wifi pm

Fix following issues: 1. Fix heap corrupted bug 2. Fix memory leak bug 3. Make wpa2 enterprise thread-safe Closes espressif/esp-idf#1569

Backport following bug fixes to v3.1: 1. Bug fix of may connect to wrong AP in all channel scan 2. Station state machine change and fix ap loss 3. Add compatible to ccmp encryption 4. Update libphy.a to v3960: 4.1 Decrease phy_init time from 900us to 347us in sleep wakeup 4.2 Fix RX STBC initialization 4.3 Modify set_chan function to fix interrupt watchdog issue 5. Fix several wpa2 enterprise issues 5.1 Fix heap corrupted bug 5.2 Fix memory leak bug 5.3 Make wpa2 enterprise thread-safe Closes espressif/esp-idf#1569 6. Bugfix of coex wifi pm

FayeY changed the title ~~Heap corruption when trying to connect to WAP2-Enterprise AP~~ [TW#18499] Heap corruption when trying to connect to WAP2-Enterprise AP Feb 11, 2018

jack0c added the Type: Bug bugs in IDF label Mar 26, 2018

igrr closed this as completed in 343bd32 Aug 6, 2018

catalinio pushed a commit to catalinio/pycom-esp-idf that referenced this issue Jun 28, 2019

esp32: fix several wpa2 enterprise issues

6968a10

Fix following issues: 1. Fix heap corrupted bug 2. Fix memory leak bug 3. Make wpa2 enterprise thread-safe Closes espressif/esp-idf#1569

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[TW#18499] Heap corruption when trying to connect to WAP2-Enterprise AP #1569

[TW#18499] Heap corruption when trying to connect to WAP2-Enterprise AP #1569

itc-jalonso commented Jan 31, 2018

itc-jalonso commented Feb 1, 2018

ghost commented Apr 30, 2018 •

edited by ghost

Loading

[TW#18499] Heap corruption when trying to connect to WAP2-Enterprise AP #1569

[TW#18499] Heap corruption when trying to connect to WAP2-Enterprise AP #1569

Comments

itc-jalonso commented Jan 31, 2018

itc-jalonso commented Feb 1, 2018

ghost commented Apr 30, 2018 • edited by ghost Loading

ghost commented Apr 30, 2018 •

edited by ghost

Loading