projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8836faf)
staging: r8188eu: calculate the addba response length
authorMartin Kaiser <martin@kaiser.cx>
Thu, 2 Jun 2022 19:37:20 +0000 (21:37 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 6 Jun 2022 06:08:35 +0000 (08:08 +0200)
An addba response always ends with the timeout field. The length of the
addba response is the offset of the end of the timeout field in the struct
ieee80211_mgmt that defines the message.

Use offsetofend to calculate this offset and drop the intermediate pktlen
increments as we add addba response components.

Tested-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Link: https://lore.kernel.org/r/20220602193726.280922-6-martin@kaiser.cx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/r8188eu/core/rtw_mlme_ext.c patch | blob | history

diff --git a/drivers/staging/r8188eu/core/rtw_mlme_ext.c b/drivers/staging/r8188eu/core/rtw_mlme_ext.c
index 3b68440..55e347b 100644 (file)
--- a/drivers/staging/r8188eu/core/rtw_mlme_ext.c
+++ b/drivers/staging/r8188eu/core/rtw_mlme_ext.c
@@ -5441,18 +5441,14 @@ void issue_action_BA(struct adapter *padapter, unsigned char *raddr, unsigned ch
                break;
        case WLAN_ACTION_ADDBA_RESP:
                mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
-               pattrib->pktlen++;
                mgmt->u.action.u.addba_resp.dialog_token = pmlmeinfo->ADDBA_req.dialog_token;
-               pattrib->pktlen++;
                mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);
-               pattrib->pktlen += 2;
                capab = le16_to_cpu(pmlmeinfo->ADDBA_req.BA_para_set) & 0x3f;
                capab |= u16_encode_bits(64, IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK);
                capab |= u16_encode_bits(pregpriv->ampdu_amsdu, IEEE80211_ADDBA_PARAM_AMSDU_MASK);
                mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab);
-               pattrib->pktlen += 2;
                mgmt->u.action.u.addba_resp.timeout = pmlmeinfo->ADDBA_req.BA_timeout_value;
-               pattrib->pktlen += 2;
+               pattrib->pktlen = offsetofend(struct ieee80211_mgmt, u.action.u.addba_resp.timeout);
                break;
        case WLAN_ACTION_DELBA:
                mgmt->u.action.u.delba.action_code = WLAN_ACTION_DELBA;
Domain: System / Kernel;