From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Tue, 5 Feb 2013 15:40:09 +0000 (+0200)
Subject: HS 2.0: Fix IE buffer length for extra scan IEs
X-Git-Tag: aosp-kk-from-upstream~597
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5ebe8c8179b59563fceb59a3b82c9cb02f7a40dd;p=thirdparty%2Fhostap.git

HS 2.0: Fix IE buffer length for extra scan IEs

The HS 2.0 Indication element is 7 (not 6) octets. The previous
implementation could result in wpabuf validation code stopping the
program if HS 2.0 was enabled without Interworking or P2P (which would
have created a large enough buffer to avoid hitting this) being enable.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index 25a9ef821..19405a453 100644
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -735,7 +735,7 @@ ssid_list_set:
 	extra_ie = wpa_supplicant_extra_ies(wpa_s);
 
 #ifdef CONFIG_HS20
-	if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 6) == 0)
+	if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 7) == 0)
 		wpas_hs20_add_indication(extra_ie);
 #endif /* CONFIG_HS20 */