From: Avraham Stern <avraham.stern@intel.com>
Date: Wed, 3 Apr 2019 17:38:49 +0000 (+0300)
Subject: RRM: Set last beacon report indication in the last element only
X-Git-Tag: hostap_2_8~93
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=56ac1f9dfea5610e47964eb7280b8ded74929cad;p=thirdparty%2Fhostap.git

RRM: Set last beacon report indication in the last element only

The last beacon report indication was set in all the beacon report
elements in the last frame of the beacon report, while it should be
set only in the last beacon report element of the last frame.

Fixes: ecef0687dc33 ("RRM: Support for Last Beacon Report Indication subelement")
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
---

diff --git a/wpa_supplicant/rrm.c b/wpa_supplicant/rrm.c
index ab5e6dbdb..cb3c6c995 100644
--- a/wpa_supplicant/rrm.c
+++ b/wpa_supplicant/rrm.c
@@ -397,7 +397,10 @@ static int wpas_rrm_beacon_rep_update_last_frame(u8 *pos, size_t len)
 	struct rrm_measurement_report_element *msr_rep;
 	u8 *end = pos + len;
 	u8 *msr_rep_end;
+	struct rrm_measurement_beacon_report *rep = NULL;
+	u8 *subelem;
 
+	/* Find the last beacon report element */
 	while (end - pos >= (int) sizeof(*msr_rep)) {
 		msr_rep = (struct rrm_measurement_report_element *) pos;
 		msr_rep_end = pos + msr_rep->len + 2;
@@ -410,30 +413,27 @@ static int wpas_rrm_beacon_rep_update_last_frame(u8 *pos, size_t len)
 			return -1;
 		}
 
-		if (msr_rep->type == MEASURE_TYPE_BEACON) {
-			struct rrm_measurement_beacon_report *rep;
-			u8 *subelem;
-
+		if (msr_rep->type == MEASURE_TYPE_BEACON)
 			rep = (struct rrm_measurement_beacon_report *)
 				msr_rep->variable;
-			subelem = rep->variable;
-			while (subelem + 2 < msr_rep_end &&
-			       subelem[0] !=
-			       WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION)
-				subelem += 2 + subelem[1];
-
-			if (subelem + 2 < msr_rep_end &&
-			    subelem[0] ==
-			    WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION &&
-			    subelem[1] == 1 &&
-			    subelem +
-			    BEACON_REPORT_LAST_INDICATION_SUBELEM_LEN <= end)
-				subelem[2] = 1;
-		}
 
 		pos += pos[1] + 2;
 	}
 
+	if (!rep)
+		return 0;
+
+	subelem = rep->variable;
+	while (subelem + 2 < msr_rep_end &&
+	       subelem[0] != WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION)
+		subelem += 2 + subelem[1];
+
+	if (subelem + 2 < msr_rep_end &&
+	    subelem[0] == WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION &&
+	    subelem[1] == 1 &&
+	    subelem + BEACON_REPORT_LAST_INDICATION_SUBELEM_LEN <= end)
+		subelem[2] = 1;
+
 	return 0;
 }