> -     if (sizeof(*cmd) + len > QTNF_MAX_CMD_BUF_SIZE) {
> +     if (len > QTNF_MAX_CMD_BUF_SIZE) {
>               pr_warn("VIF%u.%u: %u frame is too big: %zu\n", vif->mac->macid,
>                       vif->vifid, frame_type, len);
>               return -E2BIG;
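
Review bot: The new bound on the `+` line, `len > QTNF_MAX_CMD_BUF_SIZE`, no longer counts any header placed in front of the frame in the command buffer, so a frame of exactly QTNF_MAX_CMD_BUF_SIZE bytes is accepted even though nothing prepended to it would fit. If a header still precedes the frame data, keep a header term in the comparison. Since len is printed with %zu (a size_t), prefer the subtraction form, for example `len > QTNF_MAX_CMD_BUF_SIZE - hdr_size`, where hdr_size is a placeholder for that header's size, so the sum cannot wrap for a very large len.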

It looks like we need the following check here:
        sizeof(struct qlink_tlv_ie_set) + len > QTNF_MAX_CMD_BUF_SIZE
