RRM: Set last beacon report indication in the last element only

The last beacon report indication was set in all the beacon report
elements in the last frame of the beacon report, while it should be
set only in the last beacon report element of the last frame.

Fixes: ecef0687dc33 ("RRM: Support for Last Beacon Report Indication subelement")
Signed-off-by: Avraham Stern <avraham.stern@intel.com>

diff --git a/wpa_supplicant/rrm.c b/wpa_supplicant/rrm.c
index ab5e6dbdb6bc57a09d9c237f4a0b5cc51301f0c9..cb3c6c995dd9e19f54a9ee172b6dd22fbb0de39d 100644 (file)
--- a/wpa_supplicant/rrm.c
+++ b/wpa_supplicant/rrm.c
@@ -397,7 +397,10 @@ static int wpas_rrm_beacon_rep_update_last_frame(u8 *pos, size_t len)
        struct rrm_measurement_report_element *msr_rep;
        u8 *end = pos + len;
        u8 *msr_rep_end;
+       struct rrm_measurement_beacon_report *rep = NULL;
+       u8 *subelem;
 
+       /* Find the last beacon report element */
        while (end - pos >= (int) sizeof(*msr_rep)) {
                msr_rep = (struct rrm_measurement_report_element *) pos;
                msr_rep_end = pos + msr_rep->len + 2;
@@ -410,30 +413,27 @@ static int wpas_rrm_beacon_rep_update_last_frame(u8 *pos, size_t len)
                        return -1;
                }
 
-               if (msr_rep->type == MEASURE_TYPE_BEACON) {
-                       struct rrm_measurement_beacon_report *rep;
-                       u8 *subelem;
-
+               if (msr_rep->type == MEASURE_TYPE_BEACON)
                        rep = (struct rrm_measurement_beacon_report *)
                                msr_rep->variable;
-                       subelem = rep->variable;
-                       while (subelem + 2 < msr_rep_end &&
-                              subelem[0] !=
-                              WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION)
-                               subelem += 2 + subelem[1];
-
-                       if (subelem + 2 < msr_rep_end &&
-                           subelem[0] ==
-                           WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION &&
-                           subelem[1] == 1 &&
-                           subelem +
-                           BEACON_REPORT_LAST_INDICATION_SUBELEM_LEN <= end)
-                               subelem[2] = 1;
-               }
 
                pos += pos[1] + 2;
        }
 
+       if (!rep)
+               return 0;
+
+       subelem = rep->variable;
+       while (subelem + 2 < msr_rep_end &&
+              subelem[0] != WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION)
+               subelem += 2 + subelem[1];
+
+       if (subelem + 2 < msr_rep_end &&
+           subelem[0] == WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION &&
+           subelem[1] == 1 &&
+           subelem + BEACON_REPORT_LAST_INDICATION_SUBELEM_LEN <= end)
+               subelem[2] = 1;
+
        return 0;
 }