From: Jouni Malinen <j@w1.fi>
Date: Thu, 12 Jun 2014 17:18:15 +0000 (+0300)
Subject: P2P: Use cleaner way of generating pointer to a field (CID 68096)
X-Git-Tag: hostap_2_3~319
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fb5d41717884a7c4db3e6a3e807351309c3b52b9;p=thirdparty%2Fhostap.git

P2P: Use cleaner way of generating pointer to a field (CID 68096)

The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 92fe7fe86..d10583b22 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -438,16 +438,14 @@ static int ap_vendor_action_rx(void *ctx, const u8 *buf, size_t len, int freq)
 #ifdef CONFIG_P2P
 	struct wpa_supplicant *wpa_s = ctx;
 	const struct ieee80211_mgmt *mgmt;
-	size_t hdr_len;
 
 	mgmt = (const struct ieee80211_mgmt *) buf;
-	hdr_len = (const u8 *) &mgmt->u.action.u.vs_public_action.action - buf;
-	if (hdr_len > len)
+	if (len < IEEE80211_HDRLEN + 1)
 		return -1;
 	wpas_p2p_rx_action(wpa_s, mgmt->da, mgmt->sa, mgmt->bssid,
 			   mgmt->u.action.category,
-			   &mgmt->u.action.u.vs_public_action.action,
-			   len - hdr_len, freq);
+			   buf + IEEE80211_HDRLEN + 1,
+			   len - IEEE80211_HDRLEN - 1, freq);
 #endif /* CONFIG_P2P */
 	return 0;
 }