Cumulative patch from commit 6590b6400f73762fc6a53ad6ca05a73246cc5e54
6590b64 EAP-TNC: Limit maximum message buffer to 75000 bytes (CID 62873)
49d13df P2P: Fix wfd_dev_info parsing for P2P-DEVICE-FOUND (CID 68127)
1851e17 dbus: Clean up P2P group vendor ext getter
137ff33 HS 2.0R2: Fix OSEN IE parsing for in cipher setup (CID 68132)
2703fb4 WNM: Use cleaner way of generating pointer to a field (CID 68100)
da995b2 WNM: Use cleaner way of generating pointer to a field (CID 68099)
062833c GAS server: Fix request frame length validation (CID 68098)
5ce3ae4 HT: Use cleaner way of generating pointer to a field (CID 68097)
fb5d417 P2P: Use cleaner way of generating pointer to a field (CID 68096)
35c0318 P2P: Use cleaner way of generating pointer to a field (CID 68095)
e987c70 dbus: Add explicit break statements to switch-default
6446420 dbus: Initialize temporary entry properly (CID 62877)
70d9537 Use clearer way of getting pointer to a frame (CID 62835)
c02f35f WPS: Clean up indentation level (CID 68109)
0e87e79 Fix HS20_GET_NAI_HOME_REALM_LIST hex length check (CID 68108)
beb9e11 dbus: Avoid theoretical memory leaks with duplicated dict entries
ceb4cd8 dbus: Fix a potential double-free in on error path (CID 62880)
68e2b88 TNC: Fix minor memory leak (CID 62848)
5519241 GAS: Limit TX wait time based on driver maximum value
a0ab408 P2P: Fix SD and DevDisc to limit maximum wait time per driver support
Change-Id: If9bdd7b9961c775e39ce1a8fb58220052434b395
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c
index 8e5bdcb..cf25dbb 100644
--- a/src/ap/wnm_ap.c
+++ b/src/ap/wnm_ap.c
@@ -376,10 +376,9 @@
if (len < IEEE80211_HDRLEN + 2)
return -1;
- payload = &mgmt->u.action.category;
- payload++;
+ payload = ((const u8 *) mgmt) + IEEE80211_HDRLEN + 1;
action = *payload++;
- plen = (((const u8 *) mgmt) + len) - payload;
+ plen = len - IEEE80211_HDRLEN - 2;
switch (action) {
case WNM_BSS_TRANS_MGMT_QUERY: