Merge "TDLS: Fix possible memory poisoning while processing tdls commands"
diff --git a/CORE/SME/src/csr/csrTdlsProcess.c b/CORE/SME/src/csr/csrTdlsProcess.c
index 9b33416..0bf09ef 100644
--- a/CORE/SME/src/csr/csrTdlsProcess.c
+++ b/CORE/SME/src/csr/csrTdlsProcess.c
@@ -119,6 +119,8 @@
             tTdlsSendMgmtCmdInfo *tdlsSendMgmtCmdInfo = 
                             &tdlsSendMgmtCmd->u.tdlsCmd.u.tdlsSendMgmtCmdInfo ;
 
+            vos_mem_zero(&tdlsSendMgmtCmd->u.tdlsCmd, sizeof(tTdlsCmd));
+
             tdlsSendMgmtCmd->sessionId = sessionId;
 
             tdlsSendMgmtCmdInfo->frameType = tdlsSendMgmt->frameType ;   
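Review bot: The added clear takes its length from a type name, `sizeof(tTdlsCmd)`, rather than from the object being cleared, so length and destination can drift apart if the declaration of `u.tdlsCmd` ever changes. `vos_mem_zero(&tdlsSendMgmtCmd->u.tdlsCmd, sizeof(tdlsSendMgmtCmd->u.tdlsCmd));` keeps the two tied together. The same applies to the eight other command-builder hunks that follow (update/add station, link establish, delete station, channel switch, discovery request, setup request, teardown). Because the same clear is now repeated at nine sites, a one-line comment at each, such as `/* cmd buffer may hold stale union contents: clear before filling */`, would make the requirement visible to whoever adds the next TDLS command. That comment assumes the buffers are reused, which the diff does not show; the enclosing functions begin and end outside these hunks.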
@@ -187,6 +189,8 @@
             tTdlsAddStaCmdInfo *tdlsAddStaCmdInfo =
                          &tdlsAddStaCmd->u.tdlsCmd.u.tdlsAddStaCmdInfo ;
 
+            vos_mem_zero(&tdlsAddStaCmd->u.tdlsCmd, sizeof(tTdlsCmd));
+
             tdlsAddStaCmdInfo->tdlsAddOper = TDLS_OPER_UPDATE;
 
             tdlsAddStaCmd->sessionId = sessionId;
@@ -253,6 +257,8 @@
             tTdlsLinkEstablishCmdInfo *tdlsLinkEstablishCmdInfo =
             &tdlsLinkEstablishCmd->u.tdlsCmd.u.tdlsLinkEstablishCmdInfo ;
 
+            vos_mem_zero(&tdlsLinkEstablishCmd->u.tdlsCmd, sizeof(tTdlsCmd));
+
             tdlsLinkEstablishCmd->sessionId = sessionId;
 
             vos_mem_copy( tdlsLinkEstablishCmdInfo->peerMac,
@@ -309,6 +315,8 @@
             tTdlsAddStaCmdInfo *tdlsAddStaCmdInfo = 
                 &tdlsAddStaCmd->u.tdlsCmd.u.tdlsAddStaCmdInfo ;
 
+            vos_mem_zero(&tdlsAddStaCmd->u.tdlsCmd, sizeof(tTdlsCmd));
+
             tdlsAddStaCmd->sessionId = sessionId;
             tdlsAddStaCmdInfo->tdlsAddOper = TDLS_OPER_ADD;
 
@@ -346,6 +354,8 @@
             tTdlsDelStaCmdInfo *tdlsDelStaCmdInfo = 
                             &tdlsDelStaCmd->u.tdlsCmd.u.tdlsDelStaCmdInfo ;
 
+            vos_mem_zero(&tdlsDelStaCmd->u.tdlsCmd, sizeof(tTdlsCmd));
+
             tdlsDelStaCmd->sessionId = sessionId;
 
             vos_mem_copy(tdlsDelStaCmdInfo->peerMac,
@@ -388,6 +398,8 @@
             tTdlsChanSwitchCmdInfo *tdlsChanSwitchCmdInfo =
             &tdlsChanSwitchCmd->u.tdlsCmd.u.tdlsChanSwitchCmdInfo;
 
+            vos_mem_zero(&tdlsChanSwitchCmd->u.tdlsCmd, sizeof(tTdlsCmd));
+
             tdlsChanSwitchCmd->sessionId = sessionId;
 
             vos_mem_copy(tdlsChanSwitchCmdInfo->peerMac,
@@ -427,6 +439,8 @@
             tTdlsDisReqCmdinfo *disReqCmdInfo = 
                             &tdlsDisReqCmd->u.tdlsCmd.u.tdlsDisReqCmdInfo ;
 
+            vos_mem_zero(&tdlsDisReqCmd->u.tdlsCmd, sizeof(tTdlsCmd));
+
             tdlsDisReqCmd->sessionId = sessionId;
 
             disReqCmdInfo->tdlsDisType = tdlsDisReq->disType ;   
@@ -461,6 +475,8 @@
            tTdlsLinkSetupReqCmdinfo *setupCmdInfo = 
                         &tdlsSetupReqCmd->u.tdlsCmd.u.tdlsLinkSetupReqCmdInfo ;
 
+            vos_mem_zero(&tdlsSetupReqCmd->u.tdlsCmd, sizeof(tTdlsCmd));
+
             tdlsSetupReqCmd->sessionId = sessionId;
 
             vos_mem_copy(setupCmdInfo->peerMac,
@@ -494,6 +510,8 @@
             tTdlsLinkTeardownCmdinfo *teardownCmdInfo = 
                    &tdlsTeardownReqCmd->u.tdlsCmd.u.tdlsLinkTeardownCmdInfo ;
 
+            vos_mem_zero(&tdlsTeardownReqCmd->u.tdlsCmd, sizeof(tTdlsCmd));
+
             tdlsTeardownReqCmd->sessionId = sessionId;
 
             vos_mem_copy(teardownCmdInfo->peerMac,
@@ -636,6 +654,8 @@
         VOS_ASSERT(0) ;
         return status ;
     }
+    vos_mem_set(tdlsAddStaReq, sizeof(tSirTdlsAddStaReq), 0);
+
     tdlsAddStaReq->sessionId = cmd->sessionId;
     tdlsAddStaReq->tdlsAddOper = tdlsAddStaCmdInfo->tdlsAddOper;
     //Using dialog as transactionId. This can be used to match response with request
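Review bot: This hunk clears the request with `vos_mem_set(tdlsAddStaReq, sizeof(tSirTdlsAddStaReq), 0)` while every other hunk in the commit uses `vos_mem_zero`. For consistency, and to tie the length to the pointer, `vos_mem_zero(tdlsAddStaReq, sizeof(*tdlsAddStaReq));` would be preferable. The allocation and its failure check sit above the hunk, so whether the buffer was actually allocated with `sizeof(tSirTdlsAddStaReq)` cannot be confirmed from here. Only the add-station request is cleared in this diff. If the other request builders in this file also fill a freshly allocated message field by field, they would likely pass the same uninitialized bytes to the lower layer and deserve the same clear.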