diff --git a/softap/sdk/qsap_api.c b/softap/sdk/qsap_api.c
index 6c13d60..5888e5b 100644
--- a/softap/sdk/qsap_api.c
+++ b/softap/sdk/qsap_api.c
@@ -1463,6 +1463,7 @@ void qsap_get_associated_sta_mac(s8 *presp, u32 *plen)
 u32 len = MAX_CONF_LINE_LEN;
 s8 *pif;
 s8 *pbuf, *pout;
+ u32 buflen;
 u32 recvLen;
 u32 tlen;
@@ -1482,7 +1483,9 @@ void qsap_get_associated_sta_mac(s8 *presp, u32 *plen)
 goto error;
 }
- pbuf = (s8 *)malloc((MAX_STA_ALLOWED * 6) + 8);
+ /* response has length field + 6 bytes per STA */
+ buflen = sizeof(u32) + (MAX_STA_ALLOWED * 6);
+ pbuf = (s8 *)malloc(buflen);
 if(NULL == pbuf) {
 ALOGE("%s :No memory \n", __func__);
 close(sock);
@@ -1492,7 +1495,7 @@ void qsap_get_associated_sta_mac(s8 *presp, u32 *plen)
 #define SIZE_OF_MAC_INT (6)
 strlcpy(wrq.ifr_name, pif, sizeof(wrq.ifr_name));
- wrq.u.data.length = SIZE_OF_MAC_INT * 8 + 8; /** 8 supported MAC and 7 SPACE separators and a '\0' */
+ wrq.u.data.length = buflen;
 wrq.u.data.pointer = (void *)pbuf;
 wrq.u.data.flags = 0;
@@ -1504,13 +1507,14 @@ void qsap_get_associated_sta_mac(s8 *presp, u32 *plen)
 goto error;
 }
- recvLen = *(unsigned long int *)(wrq.u.data.pointer);
+ recvLen = *(u32 *)(wrq.u.data.pointer);
+ recvLen -= sizeof(u32);
 len = qsap_scnprintf(presp, *plen, "%s %s=", SUCCESS, cmd_list[eCMD_ASSOC_STA_MACS].name);
 pout = presp + len;
 tlen = *plen - len;
- qsap_mac_to_macstr(pbuf+sizeof(unsigned long int), recvLen, pout, &tlen);
+ qsap_mac_to_macstr(pbuf+sizeof(u32), recvLen, pout, &tlen);
 *plen = len + tlen;
@@ -3060,7 +3064,7 @@ int qsapsetSoftap(int argc, char *argv[])
 {
 char cmdbuf[CMD_BUF_LEN];
 char respbuf[RECV_BUF_LEN];
- unsigned long int rlen = RECV_BUF_LEN;
+ u32 rlen = RECV_BUF_LEN;
 int i;
 int hidden = 0;
 int sec = SEC_MODE_NONE;
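Review bot: `malloc(buflen)` in the second hunk leaves the response buffer uninitialised, so if the driver writes fewer bytes than requested, the length word read from the start of `pbuf` later in the function is stale heap content. Allocating with `pbuf = calloc(1, buflen);` makes that case read as a zero length, which the consumer of the length word must then reject explicitly rather than subtract from. The cast on the allocation result is not needed in C. The function continues outside the hunk, so whether `pbuf` is freed on the later error paths cannot be checked from here.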
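Review bot: The `#define SIZE_OF_MAC_INT (6)` kept as context in the third hunk loses its only visible use with this change, while the new size computation earlier in the function spells the same value as a literal `6`. Moving the define above the allocation and writing `buflen = sizeof(u32) + (MAX_STA_ALLOWED * SIZE_OF_MAC_INT);` would keep a single source for the per-station size. If `wrq` is a `struct iwreq`, as the `u.data.pointer`/`length`/`flags` fields suggest, `u.data.length` is a 16-bit field, so a compile-time check that `buflen` fits in 16 bits would document that assumption. The value of MAX_STA_ALLOWED is not visible in this diff.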
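Review bot: The length word read back from the driver in `recvLen = *(u32 *)(wrq.u.data.pointer);` (fourth hunk) is used without a range check, and the next added line `recvLen -= sizeof(u32);` wraps to a very large unsigned value whenever that word is smaller than 4. A word larger than `buflen` is just as unsafe: `qsap_mac_to_macstr(pbuf+sizeof(u32), recvLen, pout, &tlen)` is then given a length that extends past the allocation. Before the subtraction I would add a guard `if (recvLen < sizeof(u32) || recvLen > buflen)` that takes the same failure path as the ioctl error branch just above it, whose cleanup lies outside this hunk. How qsap_mac_to_macstr bounds its own reads is not visible here, so the check belongs at this call site.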