From: Jouni Malinen <jouni@codeaurora.org>
Date: Mon, 15 Apr 2019 18:11:46 +0000 (+0300)
Subject: Fix hostapd BSS_TM_REQ handling of bss_term parameter
X-Git-Tag: hostap_2_8~60
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f68051395593f732057b7ae8b0df5281dfd085c;p=thirdparty%2Fhostap.git

Fix hostapd BSS_TM_REQ handling of bss_term parameter

The TSF field in BSS termination information was not cleared correctly.
It was supposed to be cleared to all zeros, but the memset call did not
point at offset 2; instead, it cleared it with 0x02 octets and also
cleared the subelement header with 0x02 octets while leaving two last
octets uninitialized.

Fixes: a30dff07fb18 ("Add BSS_TM_REQ command to send BSS Transition Management Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---

diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 78e52a6fe..e4b16e61a 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -883,7 +883,7 @@ static int hostapd_ctrl_iface_bss_tm_req(struct hostapd_data *hapd,
 		/* TODO: TSF configurable/learnable */
 		bss_term_dur[0] = 4; /* Subelement ID */
 		bss_term_dur[1] = 10; /* Length */
-		os_memset(bss_term_dur, 2, 8);
+		os_memset(&bss_term_dur[2], 0, 8);
 		end = os_strchr(pos, ',');
 		if (end == NULL) {
 			wpa_printf(MSG_DEBUG, "Invalid bss_term data");