Bug in WPA2 EAP


Re: Bug in WPA2 EAP

Post by victorclaessen » Fri Jun 29, 2018 2:06 pm

At the request (https://github.com/esp8266/Arduino/pull/4853#issuecomment-401187904) of d-a-v, I updated my Arduino esp8266 repo to his pull request and re-ran my code. Now the error message is different: "there is no poison after the block", which is interesting, but I do not yet know what it means. See below for the esp8266 debug output:

Code:

ets Jan  8 2013,rst cause:2, boot mode:(3,7)

load 0x4010f000, len 1384, room 16
tail 8
chksum 0x2d
csum 0x2d
v00000000
~ld

SDK:3.0.0-dev(c0f7b44)/Core:win-2.5.0-dev/lwIP:2.0.3(STABLE-2_0_3_RELEASE/glue:arduino-2.4.1-13-g163bb82)/BearSSL:94e9704
WPA2 ENTERPRISE VERSION: [v2.0] enable
scandone

Waiting for connection and IP Address from DHCP
wifi evt: 8
wifi evt: 2
.scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 1
cnt
EAP-MSCHAPV2: RX identifier 3 mschapv2_id 3
EAP-MSCHAPV2: Generate Challenge Response
EAP-MSCHAPV2: RX identifier 4 mschapv2_id 3
there is no poison after the block. Expected poison address: 0x41491208, actual data: 0x0e 0x00 0x00 0x00
block start: 3fff10bc

Panic C:\Program Files (x86)\Arduino\hardware\esp8266com\esp8266\cores\esp8266\umm_malloc\umm_malloc.c:861 check_poison_block

ctx: sys
sp: 3fffec50 end: 3fffffb0 offset: 01b0

>>>stack>>>


Re: Bug in WPA2 EAP

Post by victorclaessen » Fri Jun 29, 2018 2:35 pm

To rule out device failure I took a completely new esp8266 module (Witty Cloud board) from its protective packaging, and uploaded the same code to it. I selected 'erase all flash contents' as an arduino upload option. Same result:

Code:

SDK:3.0.0-dev(c0f7b44)/Core:win-2.5.0-dev/lwIP:2.0.3(STABLE-2_0_3_RELEASE/glue:arduino-2.4.1-13-g163bb82)/BearSSL:94e9704
WPA2 ENTERPRISE VERSION: [v2.0] enable
scandone

Waiting for connection and IP Address from DHCP
wifi evt: 8
wifi evt: 2
.scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 1
cnt
EAP-MSCHAPV2: RX identifier 3 mschapv2_id 3
EAP-MSCHAPV2: Generate Challenge Response
EAP-MSCHAPV2: RX identifier 4 mschapv2_id 3
there is no poison after the block. Expected poison address: 0x414910d8, actual data: 0x0e 0x00 0x00 0x00
block start: 3fff0f8c

Panic C:\Program Files (x86)\Arduino\hardware\esp8266com\esp8266\cores\esp8266\umm_malloc\umm_malloc.c:861 check_poison_block

ctx: sys
sp: 3fffec50 end: 3fffffb0 offset: 01b0

>>>stack>>>

Decoding 67 results
0x40204af6: printf at /Users/igrokhotkov/e/newlib-xtensa/xtensa-lx106-elf/newlib/libc/stdio/../../../.././newlib/libc/stdio/printf.c line 61
0x40244394: sleep_reset_analog_rtcreg_8266 at ?? line ?
0x401004db: check_poison at C:\Program Files (x86)\Arduino\hardware\esp8266com\esp8266\cores\esp8266\umm_malloc/umm_malloc.c line 861
:  (inlined by) check_poison_block at C:\Program Files (x86)\Arduino\hardware\esp8266com\esp8266\cores\esp8266\umm_malloc/umm_malloc.c line 851
0x4010020c: _umm_free at C:\Program Files (x86)\Arduino\hardware\esp8266com\esp8266\cores\esp8266\umm_malloc/umm_malloc.c line 1295
0x4010020c: _umm_free at C:\Program Files (x86)\Arduino\hardware\esp8266com\esp8266\cores\esp8266\umm_malloc/umm_malloc.c line 1295
0x4010053a: get_unpoisoned at C:\Program Files (x86)\Arduino\hardware\esp8266com\esp8266\cores\esp8266\umm_malloc/umm_malloc.c line 946
0x401009dc: free at C:\Program Files (x86)\Arduino\hardware\esp8266com\esp8266\cores\esp8266\umm_malloc/umm_malloc.c line 1742
0x4022d8e0: _base64_decode at ?? line ?
0x40106944: vPortFree at C:\Program Files (x86)\Arduino\hardware\esp8266com\esp8266\cores\esp8266/heap.c line 59
0x4022581a: wpa2_sm_rx_eapol at ?? line ?
0x4022582e: wpa2_sm_rx_eapol at ?? line ?
0x40225869: wpa2_sm_rx_eapol at ?? line ?
0x40225434: wpa2_sm_rx_eapol at ?? line ?
0x4021cccd: sta_input at ?? line ?
0x40230d43: pp_tx_idle_timeout at ?? line ?
0x40230603: ppPeocessRxPktHdr at ?? line ?
0x40104740: call_user_start_local at ?? line ?
0x40104746: call_user_start_local at ?? line ?
0x4010000d: call_user_start at ?? line ?
0x40100a84: cont_ret at C:\Program Files (x86)\Arduino\hardware\esp8266com\esp8266\cores\esp8266/cont.S line 142
0x40100a31: cont_continue at C:\Program Files (x86)\Arduino\hardware\esp8266com\esp8266\cores\esp8266/cont.S line 51
0x40101232: pp_post at ?? line ?
0x40104620: lmacTxFrame at ?? line ?
0x4010383f: lmacRecycleMPDU at ?? line ?
0x40103ca2: lmacRecycleMPDU at ?? line ?
0x40103786: lmacProcessTxSuccess at ?? line ?
0x401025fb: wDev_ProcessFiq at ?? line ?
0x401022f8: wDev_ProcessFiq at ?? line ?
0x40100439: check_poison_block at C:\Program Files (x86)\Arduino\hardware\esp8266com\esp8266\cores\esp8266\umm_malloc/umm_malloc.c line 842
0x40104f19: ets_timer_disarm at ?? line ?
0x40245d80: sleep_reset_analog_rtcreg_8266 at ?? line ?
0x40240000: phy_gpio_cfg at ?? line ?
0x40241c31: ram_set_txbb_atten at ?? line ?
0x4023e77a: tx_atten_set_interp at ?? line ?
0x40231763: pp_attach at ?? line ?
0x402317b2: pp_attach at ?? line ?
0x4010137b: ppCalFrameTimes at ?? line ?
0x4023086b: ppTxPkt at ?? line ?
0x40219d6b: ieee80211_send_probereq at ?? line ?
0x4021ddd4: cnx_start_handoff_cb at ?? line ?
0x4021bb93: scan_remove_probe_ssid at ?? line ?
0x4021b764: scan_start at ?? line ?
0x4021ddd4: cnx_start_handoff_cb at ?? line ?
0x4010505c: ets_timer_arm_new at ?? line ?
0x4021d76b: chm_start_op at ?? line ?
0x4021ddd4: cnx_start_handoff_cb at ?? line ?
0x4021ddd4: cnx_start_handoff_cb at ?? line ?
0x4021d6e0: chm_start_op at ?? line ?
0x4021b754: scan_start at ?? line ?
0x4021b728: scan_start at ?? line ?
0x4021b6f3: scan_start at ?? line ?
0x4021bca4: scan_remove_probe_ssid at ?? line ?
0x4010505c: ets_timer_arm_new at ?? line ?
0x40203398: esp_yield at C:\Program Files (x86)\Arduino\hardware\esp8266com\esp8266\cores\esp8266/core_esp8266_main.cpp line 91
0x402014e7: delay at C:\Program Files (x86)\Arduino\hardware\esp8266com\esp8266\cores\esp8266/core_esp8266_wiring.c line 51
0x40202716: setup at C:\Users\claessen\Documents\Arduino\wpa2/wpa2.ino line 45

<<<stack<<<



(The attempt from the previous post used a Wemos D1 mini v3 board.)
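
Added example, not part of the original posts and not umm_malloc's own code: a minimal guard-byte ("poison") allocator showing what a check like the one in the trace above (free → check_poison_block) detects, namely that the bytes just past the end of a heap block were overwritten before the block was freed. The function names, the 0xE5 pattern, the 4-byte guard size and the sample message are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN  4     /* assumed guard size */
#define GUARD_BYTE 0xE5  /* assumed guard pattern */

/* Layout: [size_t len][guard][user data ...][guard] */
void *guarded_malloc(size_t len) {
    uint8_t *raw = malloc(sizeof(size_t) + 2 * GUARD_LEN + len);
    if (!raw) return NULL;
    memcpy(raw, &len, sizeof len);
    memset(raw + sizeof(size_t), GUARD_BYTE, GUARD_LEN);
    memset(raw + sizeof(size_t) + GUARD_LEN + len, GUARD_BYTE, GUARD_LEN);
    return raw + sizeof(size_t) + GUARD_LEN;
}

static int guard_intact(const uint8_t *g) {
    for (int i = 0; i < GUARD_LEN; i++)
        if (g[i] != GUARD_BYTE) return 0;
    return 1;
}

/* Returns 0 if both guards are intact, 1 if the guard before the block is
 * damaged, 2 if the guard after it is. A debug allocator would panic here;
 * this sketch reports the result and releases the memory. */
int guarded_free(void *ptr) {
    uint8_t *user = ptr;
    uint8_t *raw = user - GUARD_LEN - sizeof(size_t);
    size_t len;
    int status = 0;
    memcpy(&len, raw, sizeof len);
    if (!guard_intact(user - GUARD_LEN)) status = 1;
    else if (!guard_intact(user + len)) status = 2;
    free(raw);
    return status;
}

/* Constructed scenario: msg_len bytes are copied into a buf_len-byte block
 * with no bounds check. Keep msg_len <= buf_len + GUARD_LEN so the demo
 * itself stays inside the underlying allocation. */
int copy_and_free(size_t buf_len, const uint8_t *msg, size_t msg_len) {
    uint8_t *buf = guarded_malloc(buf_len);
    if (!buf) return -1;
    memcpy(buf, msg, msg_len);   /* deliberate: length is not validated */
    return guarded_free(buf);    /* corruption surfaces only at free time */
}

int main(void) {
    uint8_t msg[18];
    memset(msg, 0x41, sizeof msg);  /* constructed sample input */
    printf("16 into 16: %d\n18 into 16: %d\n",
           copy_and_free(16, msg, 16), copy_and_free(16, msg, 18));
    return 0;
}
```

The check fires in whichever code path frees the block, which need not be the code that wrote past its end.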


Re: Bug in WPA2 EAP

Post by avc » Sun Jul 01, 2018 3:16 am

@victorclaessen I was going through the espressif repo, and I noticed more files which were updated along with the wpa2 stuff: some in lwip, some in /include folders. Now, when @ESP_Faye asked to try out the latest SDK, I would be surprised if he would say so without having someone (he himself or someone in his team) test it out and make sure it is working at least on their network. Which makes me think: is it possible that it is not just the 2 lib files and the wpa2_enterprise.h (which was not updated in this go) that need to be added for this to work?
