From 9f5db347f079b68efe2cca677df8be7b3b830e9c Mon Sep 17 00:00:00 2001
From: Johan Hedberg
Date: Fri, 13 Jan 2012 02:03:48 +0200
Subject: [PATCH] eir: Fix modifying field_len when parsing
The field_len variable shouldn't be touched for the over-all parsing state to remain consistent and so a helper variable (name_len) is needed after all.
---
 src/eir.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/eir.c b/src/eir.c
index fb9c7607f..1b6894900 100644
--- a/src/eir.c
+++ b/src/eir.c
@@ -119,6 +119,7 @@ int eir_parse(struct eir_data *eir, uint8_t *eir_data, uint8_t eir_len)
 while (len < eir_len - 1) {
 uint8_t field_len = eir_data[0];
+ uint8_t name_len;
 /* Check for the end of EIR */
 if (field_len == 0)
@@ -156,11 +157,13 @@ int eir_parse(struct eir_data *eir, uint8_t *eir_data, uint8_t eir_len)
 case EIR_NAME_COMPLETE:
 /* Some vendors put a NUL byte terminator into
 * the name */
- while (field_len > 1 && eir_data[field_len] == '\0')
- field_len--;
+ name_len = field_len - 1;
+
+ while (name_len > 0 && eir_data[name_len - 1] == '\0')
+ name_len--;
 if (!g_utf8_validate((char *) &eir_data[2],
- field_len - 1, NULL))
+ name_len, NULL))
 break;
 g_free(eir->name);
--
2.47.3
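Review bot: The new trim loop in the EIR_NAME_COMPLETE case tests `eir_data[name_len - 1]`, but the name starts at `&eir_data[2]` (the address handed to g_utf8_validate), so its last byte is `eir_data[name_len + 1]`. As written the loop inspects a position two bytes too early, reaching the type and length bytes for short names. A vendor NUL terminator is therefore left in place, and g_utf8_validate, which is given an explicit length, will probably reject such a name, while an interior NUL can shorten the name instead. The condition should read `while (name_len > 0 && eir_data[name_len + 1] == '\0')`. EIR contents arrive from remote devices, so also confirm that field_len is checked against the remaining eir_len before this case reads the name bytes; any such check, like the rest of the case body, lies outside the hunk.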