wifi: fix multi-link element subelement iteration

The subelements obviously start after the common data, including
the common multi-link element structure definition itself. This
bug was possibly just hidden by the higher bits of the control
being set to 0, so the iteration just found one bogus element
and most of the code could continue anyway.

Fixes: 0f48b8b88aa9 ("wifi: ieee80211: add definitions for multi-link element")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index a4e66d4bce86291500da3f721d6fbfb9a4a5600d..23a8a1e93aecb24a67b051eae2040a18aa7d82b0 100644 (file)
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -4521,7 +4521,7 @@ static inline u8 ieee80211_mle_common_size(const u8 *data)
                return 0;
        }
 
-       return common + mle->variable[0];
+       return sizeof(*mle) + common + mle->variable[0];
 }
 
 /**