From fcd168478749251350d3d117eefa57dc3d5553ae Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Fri, 25 Nov 2011 18:12:04 +0200
Subject: [PATCH] Fix sched_scan filter setting for max_match_sets == 0

The previous implementation was trying to add the first SSID
to a zero-length array. Avoid this with an explicit validation
of the array length.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
---
 wpa_supplicant/scan.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index b902692c6..9335589d6 100644
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -755,7 +755,8 @@ int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s)
 			continue;
 		}
 
-		if (params.filter_ssids && ssid->ssid && ssid->ssid_len) {
+		if (params.num_filter_ssids < wpa_s->max_match_sets &&
+		    params.filter_ssids && ssid->ssid && ssid->ssid_len) {
 			wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s",
 				wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
 			os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid,