P2P: Use cleaner way of generating pointer to a field (CID 68096)

The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 92fe7fe86db44e7696487f69d8a4798719104a87..d10583b22b5b7280c83fc50d38e7d7917c7b80c4 100644 (file)
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -438,16 +438,14 @@ static int ap_vendor_action_rx(void *ctx, const u8 *buf, size_t len, int freq)
 #ifdef CONFIG_P2P
        struct wpa_supplicant *wpa_s = ctx;
        const struct ieee80211_mgmt *mgmt;
-       size_t hdr_len;
 
        mgmt = (const struct ieee80211_mgmt *) buf;
-       hdr_len = (const u8 *) &mgmt->u.action.u.vs_public_action.action - buf;
-       if (hdr_len > len)
+       if (len < IEEE80211_HDRLEN + 1)
                return -1;
        wpas_p2p_rx_action(wpa_s, mgmt->da, mgmt->sa, mgmt->bssid,
                           mgmt->u.action.category,
-                          &mgmt->u.action.u.vs_public_action.action,
-                          len - hdr_len, freq);
+                          buf + IEEE80211_HDRLEN + 1,
+                          len - IEEE80211_HDRLEN - 1, freq);
 #endif /* CONFIG_P2P */
        return 0;
 }