From: Jouni Malinen <j@w1.fi>
Date: Sun, 23 Feb 2025 14:14:50 +0000 (+0200)
Subject: Use pointer to Action frame body instead of Category field
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a90f2f7a80daf23fd5a179480d4c8f1c8548dee0;p=thirdparty%2Fhostap.git

Use pointer to Action frame body instead of Category field

This will hopefully silence some incorrect static analyzer warnings
about out-of-bounds reads since mgmt->u.action.category is an u8 while
this is really getting a pointer to that location in the Action frame
body and not just the 8-bit Category field.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 64b5b6bbf..01e07d5cf 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -6248,7 +6248,7 @@ static int hostapd_action_vs(struct hostapd_data *hapd,
 	const u8 *pos, *end;
 	u32 oui_type;
 
-	pos = &mgmt->u.action.category;
+	pos = (const u8 *) &mgmt->u.action;
 	end = ((const u8 *) mgmt) + len;
 
 	if (end - pos < 1 + 4)