From 56ac1f9dfea5610e47964eb7280b8ded74929cad Mon Sep 17 00:00:00 2001
From: Avraham Stern <avraham.stern@intel.com>
Date: Wed, 3 Apr 2019 20:38:49 +0300
Subject: [PATCH] RRM: Set last beacon report indication in the last element
 only

The last beacon report indication was set in all the beacon report
elements in the last frame of the beacon report, while it should be
set only in the last beacon report element of the last frame.

Fixes: ecef0687dc33 ("RRM: Support for Last Beacon Report Indication subelement")
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
---
 wpa_supplicant/rrm.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/wpa_supplicant/rrm.c b/wpa_supplicant/rrm.c
index ab5e6dbdb..cb3c6c995 100644
--- a/wpa_supplicant/rrm.c
+++ b/wpa_supplicant/rrm.c
@@ -397,7 +397,10 @@ static int wpas_rrm_beacon_rep_update_last_frame(u8 *pos, size_t len)
 	struct rrm_measurement_report_element *msr_rep;
 	u8 *end = pos + len;
 	u8 *msr_rep_end;
+	struct rrm_measurement_beacon_report *rep = NULL;
+	u8 *subelem;
 
+	/* Find the last beacon report element */
 	while (end - pos >= (int) sizeof(*msr_rep)) {
 		msr_rep = (struct rrm_measurement_report_element *) pos;
 		msr_rep_end = pos + msr_rep->len + 2;
@@ -410,30 +413,27 @@ static int wpas_rrm_beacon_rep_update_last_frame(u8 *pos, size_t len)
 			return -1;
 		}
 
-		if (msr_rep->type == MEASURE_TYPE_BEACON) {
-			struct rrm_measurement_beacon_report *rep;
-			u8 *subelem;
-
+		if (msr_rep->type == MEASURE_TYPE_BEACON)
 			rep = (struct rrm_measurement_beacon_report *)
 				msr_rep->variable;
-			subelem = rep->variable;
-			while (subelem + 2 < msr_rep_end &&
-			       subelem[0] !=
-			       WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION)
-				subelem += 2 + subelem[1];
-
-			if (subelem + 2 < msr_rep_end &&
-			    subelem[0] ==
-			    WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION &&
-			    subelem[1] == 1 &&
-			    subelem +
-			    BEACON_REPORT_LAST_INDICATION_SUBELEM_LEN <= end)
-				subelem[2] = 1;
-		}
 
 		pos += pos[1] + 2;
 	}
 
+	if (!rep)
+		return 0;
+
+	subelem = rep->variable;
+	while (subelem + 2 < msr_rep_end &&
+	       subelem[0] != WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION)
+		subelem += 2 + subelem[1];
+
+	if (subelem + 2 < msr_rep_end &&
+	    subelem[0] == WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION &&
+	    subelem[1] == 1 &&
+	    subelem + BEACON_REPORT_LAST_INDICATION_SUBELEM_LEN <= end)
+		subelem[2] = 1;
+
 	return 0;
 }
 
-- 
2.47.2