From da995b2e11f10c6e643d0a2ce43f24e81dd78dae Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 12 Jun 2014 22:36:02 +0300 Subject: [PATCH] WNM: Use cleaner way of generating pointer to a field (CID 68099) The Action code field is in a fixed location, so the IEEE80211_HDRLEN can be used here to clean up bounds checking to avoid false reports from static analyzer. Signed-off-by: Jouni Malinen --- src/ap/wnm_ap.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c index 8e5bdcb06..cf25dbb68 100644 --- a/src/ap/wnm_ap.c +++ b/src/ap/wnm_ap.c @@ -376,10 +376,9 @@ int ieee802_11_rx_wnm_action_ap(struct hostapd_data *hapd, if (len < IEEE80211_HDRLEN + 2) return -1; - payload = &mgmt->u.action.category; - payload++; + payload = ((const u8 *) mgmt) + IEEE80211_HDRLEN + 1; action = *payload++; - plen = (((const u8 *) mgmt) + len) - payload; + plen = len - IEEE80211_HDRLEN - 2; switch (action) { case WNM_BSS_TRANS_MGMT_QUERY:
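Review bot: In the new `payload` and `plen` assignments, the literals `+ 1` and `- 2` are unexplained and are only safe because of the `if (len < IEEE80211_HDRLEN + 2) return -1;` check directly above them. The removed lines derived the pointer from `&mgmt->u.action.category`, so the skipped octet was self-documenting. The replacement hard-codes the assumption that the Category octet sits at offset `IEEE80211_HDRLEN` and the Action octet right after it. Consider a one-line comment stating that the two octets are Category and Action, and that `plen = len - IEEE80211_HDRLEN - 2` relies on the preceding length check so the subtraction cannot go below zero. That keeps a later edit from moving or relaxing the check without noticing the dependency. The two forms of `plen` are otherwise equivalent: after `action = *payload++`, `payload` is `mgmt + IEEE80211_HDRLEN + 2`, which matches the old end-pointer subtraction.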