Re: [PATCH] staging: r8188eu: fix a memory leak in rtw_mp_pwrtrk()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@linuxfoundation.org>
To: Jianglei Nie <niejianglei2021@163.com>
Cc: Larry.Finger@lwfinger.net, phil@philpotter.co.uk,
	straube.linux@gmail.com, martin@kaiser.cx,
	linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] staging: r8188eu: fix a memory leak in rtw_mp_pwrtrk()
Date: Thu, 9 Dec 2021 08:56:08 +0100	[thread overview]
Message-ID: <YbG2mDYHqjb5AYGG@kroah.com> (raw)
In-Reply-To: <20211209071905.125440-1-niejianglei2021@163.com>

On Thu, Dec 09, 2021 at 03:19:05PM +0800, Jianglei Nie wrote:
> Line 5961 (#1) allocates a memory chunk for input by kmalloc().
> Line 5966 (#2), line 5982 (#4) and line 5987 (#5) free the input
> before the function returns while line 5979 (#3) forget to free it,
> which will lead to a memory leak.
> 
> We should kfree() input in line 5979 (#3).
> 
> 5953 static int rtw_mp_pwrtrk(struct net_device *dev,
> 5954 			struct iw_request_info *info,
> 5955 			struct iw_point *wrqu, char *extra)
> 5956 {
> 5961 	char	*input = kmalloc(wrqu->length, GFP_KERNEL);
> 	// #1: kmalloc space
> 5963 	if (!input)
> 5964 		return -ENOMEM;
> 5965 	if (copy_from_user(input, wrqu->pointer, wrqu->length)) {
> 5966 		kfree(input); // #2: kfree space
> 5967 		return -EFAULT;
> 5968	}
> 
> 5973	if (strncmp(input, "stop", 4) == 0) {
> 5974		enable = 0;
> 5975		sprintf(extra, "mp tx power tracking stop");
> 5976	} else if (sscanf(input, "ther =%d", &thermal)) {
> 5977		ret = Hal_SetThermalMeter(padapter, (u8)thermal);
> 5978		if (ret == _FAIL)
> 5979			return -EPERM; // #3: missing kfree
> 5980		sprintf(extra, "mp tx power tracking start,
> 			target value =%d ok ", thermal);
> 5981	} else {
> 5982		kfree(input); // #4: kfree space
> 5983		return -EINVAL;
> 5984	}
> 
> 5987	kfree(input); // #5: kfree space
> 
> 5993	return 0;
> 5994 }
> 
> Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
> ---
>  drivers/staging/r8188eu/os_dep/ioctl_linux.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/staging/r8188eu/os_dep/ioctl_linux.c b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> index 1fd375076001..8f9e0f12c51f 100644
> --- a/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> +++ b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> @@ -5975,8 +5975,10 @@ static int rtw_mp_pwrtrk(struct net_device *dev,
>  			sprintf(extra, "mp tx power tracking stop");
>  		} else if (sscanf(input, "ther =%d", &thermal)) {
>  				ret = Hal_SetThermalMeter(padapter, (u8)thermal);
> -				if (ret == _FAIL)
> +				if (ret == _FAIL) {
> +					kfree(input);
>  					return -EPERM;
> +				}
>  				sprintf(extra, "mp tx power tracking start, target value =%d ok ", thermal);
>  		} else {
>  			kfree(input);

What kernel tree and version did you make this patch against?  I do not
even see this function in Linus's tree, nor in my staging-next
development branch.

confused,

greg k-h

next prev parent reply	other threads:[~2021-12-09  7:56 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-09  7:19 [PATCH] staging: r8188eu: fix a memory leak in rtw_mp_pwrtrk() Jianglei Nie
2021-12-09  7:56 ` Greg KH [this message]
  -- strict thread matches above, loose matches on Subject: below --
2021-12-09 13:25 Jianglei Nie
2021-12-09 14:28 ` Dan Carpenter
2021-12-09 15:08 ` Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YbG2mDYHqjb5AYGG@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=Larry.Finger@lwfinger.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-staging@lists.linux.dev \
    --cc=martin@kaiser.cx \
    --cc=niejianglei2021@163.com \
    --cc=phil@philpotter.co.uk \
    --cc=straube.linux@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.