wlan: rrm: Fix Null pointer de-referencing of pCurMeasReqIe.

If the channel number provided in the Scan results is not matching
with the channel number requested for in beacon report request
by the AP, pCurMeasReqIe will be NULL> And the current code
de-references the measurement duration without NULL check.
Modified the code to do NULL check before accessing the
pCurMeasReqIe

Change-Id: I6f3b8ebd501cadb90a21847bd7c044bbbeb30448
CRs-Fixed: 600615

1 files changed, 4 insertions, 2 deletions

diff --git a/CORE/SME/src/rrm/sme_rrm.c b/CORE/SME/src/rrm/sme_rrm.c
index 8019c00e459a..b4fb9f4b9512 100644
--- a/CORE/SME/src/rrm/sme_rrm.c
+++ b/CORE/SME/src/rrm/sme_rrm.c
@@ -352,7 +352,8 @@ static eHalStatus sme_CcxSendBeaconReqScanResults(tpAniSirGlobal pMac,
                break;
            }
        }
-       pBcnReport->measurementToken = pCurMeasReqIe->measurementToken;
+       if(NULL != pCurMeasReqIe)
+           pBcnReport->measurementToken = pCurMeasReqIe->measurementToken;
        smsLog( pMac, LOG1, "Channel(%d) MeasToken(%d)", channel, pBcnReport->measurementToken);
 
        msgCounter=0;
@@ -364,7 +365,8 @@ static eHalStatus sme_CcxSendBeaconReqScanResults(tpAniSirGlobal pMac,
                ie_len = GET_IE_LEN_IN_BSS( pBssDesc->length );
                pBcnReport->bcnRepBssInfo[msgCounter].bcnReportFields.ChanNum = pBssDesc->channelId;
                pBcnReport->bcnRepBssInfo[msgCounter].bcnReportFields.Spare = 0;
-               pBcnReport->bcnRepBssInfo[msgCounter].bcnReportFields.MeasDuration = pCurMeasReqIe->measurementDuration;
+               if(NULL != pCurMeasReqIe)
+                   pBcnReport->bcnRepBssInfo[msgCounter].bcnReportFields.MeasDuration = pCurMeasReqIe->measurementDuration;
                pBcnReport->bcnRepBssInfo[msgCounter].bcnReportFields.PhyType = pBssDesc->nwType;
                pBcnReport->bcnRepBssInfo[msgCounter].bcnReportFields.RecvSigPower = pBssDesc->rssi;
                pBcnReport->bcnRepBssInfo[msgCounter].bcnReportFields.ParentTsf = pBssDesc->parentTSF;