staging: r8188eu: read back action code from ieee80211_mgmt

Read the back action code from struct ieee80211_mgmt.

struct ieee80211_mgmt contains an "action" union. Each of its members
starts with an 8-bit action code. Treat the union as addba_req when we
read the action code although we do not yet know if it is an addba_req.
This approach is similar to ieee80211_iface_process_skb.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Link: https://lore.kernel.org/r/20220508161451.115847-6-martin@kaiser.cx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/r8188eu/core/rtw_mlme_ext.c b/drivers/staging/r8188eu/core/rtw_mlme_ext.c
index 2a7b85a..8a9236b 100644 (file)
--- a/drivers/staging/r8188eu/core/rtw_mlme_ext.c
+++ b/drivers/staging/r8188eu/core/rtw_mlme_ext.c
@@ -1471,7 +1471,6 @@ unsigned int OnAction_back(struct adapter *padapter, struct recv_frame *precv_fr
        struct sta_info *psta = NULL;
        struct recv_reorder_ctrl *preorder_ctrl;
        unsigned char           *frame_body;
-       unsigned char           action;
        unsigned short  tid, status;
        struct mlme_ext_priv    *pmlmeext = &padapter->mlmeextpriv;
        struct mlme_ext_info    *pmlmeinfo = &pmlmeext->mlmext_info;
@@ -1494,8 +1493,8 @@ unsigned int OnAction_back(struct adapter *padapter, struct recv_frame *precv_fr
 
        if (!pmlmeinfo->HT_enable)
                return _SUCCESS;
-       action = frame_body[1];
-       switch (action) {
+       /* All union members start with an action code, it's ok to use addba_req. */
+       switch (mgmt->u.action.u.addba_req.action_code) {
        case WLAN_ACTION_ADDBA_REQ:
                memcpy(&pmlmeinfo->ADDBA_req, &frame_body[2], sizeof(struct ADDBA_request));
                process_addba_req(padapter, (u8 *)&pmlmeinfo->ADDBA_req, mgmt->sa);