Revert "Revert "[wpa_supplicant] cumilative patch from commit 3a..."
Revert submission 28102966-revert-26533062-Supplicant_merge_June24-CUATTSRBBR
Reason for revert: Fixed the regression issue (ag/28389573)
Reverted changes: /q/submissionid:28102966-revert-26533062-Supplicant_merge_June24-CUATTSRBBR
Bug: 329004037
Test: Turn ON/OFF SoftAp multiple times
Change-Id: Ibfff2a847be5678f1a6d77e28506a05936812a91
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index d897e0e..c82fd0e 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -1329,8 +1329,7 @@
if (fte_len < 255) {
res = wpa_ft_parse_fte(key_mgmt, fte, fte_len, parse);
} else {
- parse->fte_buf = ieee802_11_defrag_data(fte, fte_len,
- false);
+ parse->fte_buf = ieee802_11_defrag(fte, fte_len, false);
if (!parse->fte_buf)
goto fail;
res = wpa_ft_parse_fte(key_mgmt,
@@ -2894,7 +2893,7 @@
}
-int wpa_insert_pmkid(u8 *ies, size_t *ies_len, const u8 *pmkid)
+int wpa_insert_pmkid(u8 *ies, size_t *ies_len, const u8 *pmkid, bool replace)
{
u8 *start, *end, *rpos, *rend;
int added = 0;
@@ -2957,12 +2956,12 @@
if (rend - rpos < 2)
return -1;
num_pmkid = WPA_GET_LE16(rpos);
+ if (num_pmkid * PMKID_LEN > rend - rpos - 2)
+ return -1;
/* PMKID-Count was included; use it */
- if (num_pmkid != 0) {
+ if (replace && num_pmkid != 0) {
u8 *after;
- if (num_pmkid * PMKID_LEN > rend - rpos - 2)
- return -1;
/*
* PMKID may have been included in RSN IE in
* (Re)Association Request frame, so remove the old
@@ -2975,8 +2974,9 @@
os_memmove(rpos + 2, after, end - after);
start[1] -= num_pmkid * PMKID_LEN;
added -= num_pmkid * PMKID_LEN;
+ num_pmkid = 0;
}
- WPA_PUT_LE16(rpos, 1);
+ WPA_PUT_LE16(rpos, num_pmkid + 1);
rpos += 2;
os_memmove(rpos + PMKID_LEN, rpos, end + added - rpos);
os_memcpy(rpos, pmkid, PMKID_LEN);