iw: scan: fix buffer over-read in print_p2p

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Link: https://lore.kernel.org/r/20200209165902.44110-7-markus.theil@tu-ilmenau.de
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/scan.c b/scan.c
index 2114cfe72a266583e5d5058e8337a5a7f3a583db..fd49038e62f4c43ce13b4449da1e7cc89563a382 100644 (file)
--- a/scan.c
+++ b/scan.c
@@ -2045,7 +2045,7 @@ static inline void print_p2p(const uint8_t type, uint8_t len,
                case 0x12: /* invitation flags */
                case 0xdd: /* vendor specific */
                default: {
-                       const __u8 *subdata = data + 4;
+                       const __u8 *subdata = data + 3;
                        __u16 tmplen = sublen;
 
                        tab_on_first(&first);