From 8c43ef8449bd4d2d0983db394770bd73f572b12d Mon Sep 17 00:00:00 2001
From: "Stepanov, Max"
Date: Tue, 23 Jun 2015 13:47:59 +0000
Subject: [PATCH] P2PS: Fix attribute addition in p2p_buf_add_service_instance()
Fix a condition when Advertised Service Info Attribute is added to a probe response in p2p_buf_add_service_instance(). The issue is that a 'found' value is increased even if 'test' and 'adv->hash' hashes are different. As result 'found' may have a non-zero value when an attribute data length is 0. In this cause an empty attribute is about to be added. Fixing it by eliminating 'found' and checking 'total_len' containing a real number of bytes added to Advertised Service Info Attribute. This fixes an issue from commit 50a9efe713df135e98f2229f67faa1a3d7243693 ('P2PS: Fix Probe Response frame building in error cases').
Signed-off-by: Max Stepanov
---
 src/p2p/p2p_build.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/p2p/p2p_build.c b/src/p2p/p2p_build.c
index 6b6e77017..c733543c4 100644
--- a/src/p2p/p2p_build.c
+++ b/src/p2p/p2p_build.c
@@ -557,7 +557,7 @@ void p2p_buf_add_service_instance(struct wpabuf *buf, struct p2p_data *p2p,
 struct p2ps_advertisement *adv_list)
 {
 struct p2ps_advertisement *adv;
- int p2ps_wildcard, found = 0;
+ int p2ps_wildcard;
 size_t total_len;
 struct wpabuf *tmp_buf = NULL;
 u8 *pos, *attr_len, *ie_len = NULL;
@@ -593,7 +593,6 @@ void p2p_buf_add_service_instance(struct wpabuf *buf, struct p2p_data *p2p, /* org.wi-fi.wfds match found */ p2p_buf_add_service_info(tmp_buf, p2p, 0, 0, P2PS_WILD_HASH_STR, &ie_len, &pos, &total_len, attr_len); - found++; } /* add advertised service info of matching services */
@@ -613,12 +612,12 @@ void p2p_buf_add_service_instance(struct wpabuf *buf, struct p2p_data *p2p, &total_len, attr_len)) break; - found++; + test += P2PS_HASH_LEN; } } - if (found) + if (total_len) wpabuf_put_buf(buf, tmp_buf); wpabuf_free(tmp_buf); }
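Review bot: The new `if (total_len)` guard at the end of the third hunk is only sound if `total_len` is zero on every path that reaches it and grows only when a complete service-info entry has been written, and neither property is visible in these hunks. The first hunk still declares `size_t total_len;` without an initializer, so the zeroing has to happen in the unshown code before the first p2p_buf_add_service_info() call; initializing at the declaration, `size_t total_len = 0;`, would make the guard independent of that ordering. The helper's failure path (the `break` above the guard) should likewise be confirmed to leave `total_len` and `tmp_buf` consistent, so that a partially written entry is never copied into the Probe Response. A comment on the guard such as `/* total_len counts bytes written to the attribute; emit nothing when no service matched */` would record why it replaced `found`.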