Use pointer to Action frame body instead of Category field

This will hopefully silence some incorrect static analyzer warnings
about out-of-bounds reads since mgmt->u.action.category is an u8 while
this is really getting a pointer to that location in the Action frame
body and not just the 8-bit Category field.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 64b5b6bbfc17289018e83e4fd3cd865b4f44a6bf..01e07d5cfc772d7dd6ae9cea0ba9b3f8b25866d1 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -6248,7 +6248,7 @@ static int hostapd_action_vs(struct hostapd_data *hapd,
        const u8 *pos, *end;
        u32 oui_type;
 
-       pos = &mgmt->u.action.category;
+       pos = (const u8 *) &mgmt->u.action;
        end = ((const u8 *) mgmt) + len;
 
        if (end - pos < 1 + 4)