qcacld-3.0: Make data length as zero whenever we free the data qcacld-2.0 to qcacld-3.0 propagation In limSendSmeJoinReassocRsp API, assoc req, assoc rsp, ricData, tspecIes are sent to SME layer if corresponding pointer in psessionEntry is not NULL. There is bug here where the pointer is NULL but the length is non zero. Because of this data is copied at incorrect offset and data at SME layer is not at right offset leading to corrupted IE in next re-assoc request. Fix this by making length as zero whenever we free the data. Change-Id: I4ba4ff49e56bc2f2758d869eae8ff9370b0c0489 CRs-Fixed: 932712

commit: 3b8ba61288b3100d22b888ab0e65286f7696f5b0 [log] [tgz]
author: Sreelakshmi Konamki <c_skonam@qti.qualcomm.com> Wed Dec 02 18:13:22 2015 +0530
committer: Akash Patel <akashp@codeaurora.org> Mon Feb 08 15:50:34 2016 -0800
tree: 099043691c07cd76b0721723a7fb3e5420aaf5d5
parent: d6641d8473de64e417ec8b51dd6cecd560730152 [diff] [blame]
diff --git a/core/mac/src/pe/lim/lim_send_sme_rsp_messages.c b/core/mac/src/pe/lim/lim_send_sme_rsp_messages.c
index 326dfc7..470f119 100644
--- a/core/mac/src/pe/lim/lim_send_sme_rsp_messages.c
+++ b/core/mac/src/pe/lim/lim_send_sme_rsp_messages.c

@@ -271,48 +271,53 @@
 				sme_join_rsp->beaconLength);
 			cdf_mem_free(session_entry->beacon);
 			session_entry->beacon = NULL;
+			session_entry->bcnLen = 0;
 #ifdef WLAN_FEATURE_VOWIFI_11R_DEBUG
 			lim_log(mac_ctx, LOG1, FL("Beacon=%d"),
-				session_entry->bcnLen);
+				sme_join_rsp->beaconLength);
 #endif
 		}
 		if (session_entry->assocReq != NULL) {
 			sme_join_rsp->assocReqLength =
 				session_entry->assocReqLen;
 			cdf_mem_copy(sme_join_rsp->frames +
-				session_entry->bcnLen, session_entry->assocReq,
+				sme_join_rsp->beaconLength,
+				session_entry->assocReq,
 				sme_join_rsp->assocReqLength);
 			cdf_mem_free(session_entry->assocReq);
 			session_entry->assocReq = NULL;
+			session_entry->assocReqLen = 0;
 #ifdef WLAN_FEATURE_VOWIFI_11R_DEBUG
 			lim_log(mac_ctx,
 				LOG1, FL("AssocReq=%d"),
-				session_entry->assocReqLen);
+				sme_join_rsp->assocReqLength);
 #endif
 		}
 		if (session_entry->assocRsp != NULL) {
 			sme_join_rsp->assocRspLength =
 				session_entry->assocRspLen;
 			cdf_mem_copy(sme_join_rsp->frames +
-				session_entry->bcnLen +
-				session_entry->assocReqLen,
+				sme_join_rsp->beaconLength +
+				sme_join_rsp->assocReqLength,
 				session_entry->assocRsp,
 				sme_join_rsp->assocRspLength);
 			cdf_mem_free(session_entry->assocRsp);
 			session_entry->assocRsp = NULL;
+			session_entry->assocRspLen = 0;
 		}
 #ifdef WLAN_FEATURE_VOWIFI_11R
 		if (session_entry->ricData != NULL) {
 			sme_join_rsp->parsedRicRspLen =
 				session_entry->RICDataLen;
 			cdf_mem_copy(sme_join_rsp->frames +
-				session_entry->bcnLen +
-				session_entry->assocReqLen +
-				session_entry->assocRspLen,
+				sme_join_rsp->beaconLength +
+				sme_join_rsp->assocReqLength +
+				sme_join_rsp->assocRspLength,
 				session_entry->ricData,
 				sme_join_rsp->parsedRicRspLen);
 			cdf_mem_free(session_entry->ricData);
 			session_entry->ricData = NULL;
+			session_entry->RICDataLen = 0;
 			lim_log(mac_ctx, LOG1, FL("RicLength=%d"),
 				sme_join_rsp->parsedRicRspLen);
 		}
@@ -322,22 +327,23 @@
 			sme_join_rsp->tspecIeLen =
 				session_entry->tspecLen;
 			cdf_mem_copy(sme_join_rsp->frames +
-				session_entry->bcnLen +
-				session_entry->assocReqLen +
-				session_entry->assocRspLen +
-				session_entry->RICDataLen,
+				sme_join_rsp->beaconLength +
+				sme_join_rsp->assocReqLength +
+				sme_join_rsp->assocRspLength +
+				sme_join_rsp->parsedRicRspLen,
 				session_entry->tspecIes,
 				sme_join_rsp->tspecIeLen);
 			cdf_mem_free(session_entry->tspecIes);
 			session_entry->tspecIes = NULL;
+			session_entry->tspecLen = 0;
 			lim_log(mac_ctx, LOG1, FL("ESE-TspecLen=%d"),
-				session_entry->tspecLen);
+				sme_join_rsp->tspecIeLen);
 		}
 #endif
 		sme_join_rsp->aid = session_entry->limAID;
 #ifdef WLAN_FEATURE_VOWIFI_11R_DEBUG
 		lim_log(mac_ctx, LOG1, FL("AssocRsp=%d"),
-			session_entry->assocRspLen);
+			sme_join_rsp->assocRspLength);
 #endif
 		sme_join_rsp->vht_channel_width =
 			session_entry->ch_width;
@@ -367,25 +373,30 @@
 		if (session_entry->beacon != NULL) {
 			cdf_mem_free(session_entry->beacon);
 			session_entry->beacon = NULL;
+			session_entry->bcnLen = 0;
 		}
 		if (session_entry->assocReq != NULL) {
 			cdf_mem_free(session_entry->assocReq);
 			session_entry->assocReq = NULL;
+			session_entry->assocReqLen = 0;
 		}
 		if (session_entry->assocRsp != NULL) {
 			cdf_mem_free(session_entry->assocRsp);
 			session_entry->assocRsp = NULL;
+			session_entry->assocRspLen = 0;
 		}
 #ifdef WLAN_FEATURE_VOWIFI_11R
 		if (session_entry->ricData != NULL) {
 			cdf_mem_free(session_entry->ricData);
 			session_entry->ricData = NULL;
+			session_entry->RICDataLen = 0;
 		}
 #endif
 #ifdef FEATURE_WLAN_ESE
 		if (session_entry->tspecIes != NULL) {
 			cdf_mem_free(session_entry->tspecIes);
 			session_entry->tspecIes = NULL;
+			session_entry->tspecLen = 0;
 		}
 #endif
 	}
commit	3b8ba61288b3100d22b888ab0e65286f7696f5b0	[log] [tgz]
author	Sreelakshmi Konamki <c_skonam@qti.qualcomm.com>	Wed Dec 02 18:13:22 2015 +0530
committer	Akash Patel <akashp@codeaurora.org>	Mon Feb 08 15:50:34 2016 -0800
tree	099043691c07cd76b0721723a7fb3e5420aaf5d5
parent	d6641d8473de64e417ec8b51dd6cecd560730152 [diff] [blame]