wifi: fix multi-link element subelement iteration

The subelements obviously start after the common data, including
the common multi-link element structure definition itself. This
bug was possibly just hidden by the higher bits of the control
being set to 0, so the iteration just found one bogus element
and most of the code could continue anyway.

Fixes: 0f48b8b88aa9 ("wifi: ieee80211: add definitions for multi-link element")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index f51e939..6252f02 100644 (file)
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -4593,7 +4593,7 @@ static inline u8 ieee80211_mle_common_size(const u8 *data)
                return 0;
        }
 
-       return common + mle->variable[0];
+       return sizeof(*mle) + common + mle->variable[0];
 }
 
 /**