Commit c67eea0c authored by Martin Kaiser, committed by Greg Kroah-Hartman

staging: r8188eu: calculate the addba response length



An addba response always ends with the timeout field. The length of the
addba response is the offset of the end of the timeout field in the struct
ieee80211_mgmt that defines the message.

Use offsetofend to calculate this offset and drop the intermediate pktlen
increments as we add addba response components.

Tested-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Link: https://lore.kernel.org/r/20220602193726.280922-6-martin@kaiser.cx


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 8836faf7
+1 −5
@@ -5441,18 +5441,14 @@ void issue_action_BA(struct adapter *padapter, unsigned char *raddr, unsigned ch
		break;
	case WLAN_ACTION_ADDBA_RESP:
		mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
		pattrib->pktlen++;
		mgmt->u.action.u.addba_resp.dialog_token = pmlmeinfo->ADDBA_req.dialog_token;
		pattrib->pktlen++;
		mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);
		pattrib->pktlen += 2;
		capab = le16_to_cpu(pmlmeinfo->ADDBA_req.BA_para_set) & 0x3f;
		capab |= u16_encode_bits(64, IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK);
		capab |= u16_encode_bits(pregpriv->ampdu_amsdu, IEEE80211_ADDBA_PARAM_AMSDU_MASK);
		mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab);
		pattrib->pktlen += 2;
		mgmt->u.action.u.addba_resp.timeout = pmlmeinfo->ADDBA_req.BA_timeout_value;
		pattrib->pktlen += 2;
		pattrib->pktlen = offsetofend(struct ieee80211_mgmt, u.action.u.addba_resp.timeout);
		break;
	case WLAN_ACTION_DELBA:
		mgmt->u.action.u.delba.action_code = WLAN_ACTION_DELBA;
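
Review bot: In the WLAN_ACTION_ADDBA_RESP case the capab store still goes through the request member, mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab);, while every other field in this case and the new offsetofend() length use u.action.u.addba_resp. Now that pktlen is derived from the addba_resp layout, the store should target mgmt->u.action.u.addba_resp.capab so that the field being filled is the one the length accounts for; the response carries a status field between dialog_token and capab, so the two union members need not place capab at the same offset, and a mismatch would put the capability bits in the wrong part of the transmitted frame. Separately, pktlen is now assigned rather than incremented, so a one-line comment saying the value is measured from the start of struct ieee80211_mgmt (header included) would make it clear that whatever pktlen held before the switch is intentionally discarded here.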