From 2f68051395593f732057b7ae8b0df5281dfd085c Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Mon, 15 Apr 2019 21:11:46 +0300
Subject: [PATCH] Fix hostapd BSS_TM_REQ handling of bss_term parameter

The TSF field in BSS termination information was not cleared correctly. It was supposed to be cleared to all zeros, but the memset call did not point at offset 2; instead, it cleared it with 0x02 octets and also cleared the subelement header with 0x02 octets while leaving two last octets uninitialized.

Fixes: a30dff07fb18 ("Add BSS_TM_REQ command to send BSS Transition Management Request")
Signed-off-by: Jouni Malinen
---
 hostapd/ctrl_iface.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 78e52a6fe..e4b16e61a 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -883,7 +883,7 @@ static int hostapd_ctrl_iface_bss_tm_req(struct hostapd_data *hapd,
 /* TODO: TSF configurable/learnable */
 bss_term_dur[0] = 4; /* Subelement ID */
 bss_term_dur[1] = 10; /* Length */
- os_memset(bss_term_dur, 2, 8);
+ os_memset(&bss_term_dur[2], 0, 8);
 end = os_strchr(pos, ',');
 if (end == NULL) {
 wpa_printf(MSG_DEBUG, "Invalid bss_term data");
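Review bot: The offset 2 and length 8 in `os_memset(&bss_term_dur[2], 0, 8);` are still bare literals tied to the subelement layout (2-octet header, 8-octet TSF and, judging by the Length of 10, presumably a 2-octet duration written later). The bug being fixed was an argument mix-up that left octets of a buffer destined for a management frame uninitialized, so clearing the whole buffer before filling in the header would be harder to get wrong: `os_memset(bss_term_dur, 0, sizeof(bss_term_dur));` ahead of the `bss_term_dur[0] = 4;` line. That assumes bss_term_dur is an array in this scope; its declaration is outside the hunk and should be confirmed. The body of hostapd_ctrl_iface_bss_tm_req starts and ends outside the hunk, so whether the last two octets are always written before the frame is built cannot be checked from here.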