From ef60f643ec50a3746b47aede5ae9f52410c7aa8e Mon Sep 17 00:00:00 2001
From: Roshan Pius <rpius@google.com>
Date: Thu, 30 Jun 2016 15:26:07 -0700
Subject: [PATCH] Do not exceed scan ssid max size advertised by driver

Previously, wpa_set_scan_ssids() fully exhausted
wpa_driver_scan_params.ssid list when hidden network IDs are provided
via the control interface. This results in us exceeding the max size for
the list advertised by the driver when we add the "wildcard" scan SSID
entry. So, ensure that we leave space for one more scan SSID entry in
the list when we exit out of wpa_set_scan_ssids().

Signed-off-by: Roshan Pius <rpius@google.com>
---
 wpa_supplicant/scan.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index 6ade9af..119da28 100644
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -588,6 +588,12 @@ static void wpa_set_scan_ssids(struct wpa_supplicant *wpa_s,
 	unsigned int i;
 	struct wpa_ssid *ssid;
 
+	/*
+	 * For devices with max_ssids greater than 1, leave the last slot empty
+	 * for adding the wildcard scan entry.
+	 */
+	max_ssids = max_ssids > 1 ? max_ssids - 1 : max_ssids;
+
 	for (i = 0; i < wpa_s->scan_id_count; i++) {
 		unsigned int j;
 
-- 
2.1.4