From 129b62165334394042a798648ab37965ea1f38dd Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Thu, 18 Jun 2015 17:01:02 +0300
Subject: [PATCH] P2PS: Fix P2P_FIND seek parameter parsing

Only the first seek=<service name> parameter was accepted from the
P2P_FIND command. Fix this to go through all seek parameters to
construct the list of service hash values to seek.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
 wpa_supplicant/ctrl_iface.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 498439939..3a329174d 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -4597,16 +4597,20 @@ static int p2p_ctrl_find(struct wpa_supplicant *wpa_s, char *cmd)
 
 	/* Must be searched for last, because it adds nul termination */
 	pos = os_strstr(cmd, " seek=");
+	if (pos)
+		pos += 6;
 	while (pos && seek_count < P2P_MAX_QUERY_HASH + 1) {
 		char *term;
 
-		term = os_strchr(pos + 1, ' ');
-		_seek[seek_count++] = pos + 6;
+		_seek[seek_count++] = pos;
 		seek = _seek;
-		pos = os_strstr(pos + 6, " seek=");
-
-		if (term)
-			*term = '\0';
+		term = os_strchr(pos, ' ');
+		if (!term)
+			break;
+		*term = '\0';
+		pos = os_strstr(term + 1, "seek=");
+		if (pos)
+			pos += 5;
 	}
 	if (seek_count > P2P_MAX_QUERY_HASH) {
 		seek[0] = NULL;