[PATCH v2] nl80211: Fix frequencies array boundary check

[Andrei Otcheretianski]

From: Avraham Stern <avraham.stern at intel.com>

The number of frequencies is increased before the boundary check,
thus it should be allowed to be equal to the number of elements in
the array.
In addition, add the missing byte for the NULL terminator.

Signed-off-by: Avraham Stern <avraham.stern at intel.com>
---
 src/drivers/driver_nl80211_event.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index e3fcb44022..3a2faf63e5 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -1717,7 +1717,7 @@ static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
 		}
 	}
 	if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
-		char msg[MAX_REPORT_FREQS * 5], *pos, *end;
+		char msg[MAX_REPORT_FREQS * 5 + 1], *pos, *end;
 		int res;
 
 		pos = msg;
@@ -1732,7 +1732,7 @@ static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
 			if (!os_snprintf_error(end - pos, res))
 				pos += res;
 			num_freqs++;
-			if (num_freqs == MAX_REPORT_FREQS - 1)
+			if (num_freqs == MAX_REPORT_FREQS)
 				break;
 		}
 		info->freqs = freqs;
-- 
2.38.1