* [PATCH net-next] mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
@ 2018-01-18 2:23 Wei Yongjun
2018-01-19 0:38 ` Ben Hutchings
0 siblings, 1 reply; 2+ messages in thread
From: Wei Yongjun @ 2018-01-18 2:23 UTC (permalink / raw)
To: Johannes Berg, Kalle Valo, Ben Hutchings
Cc: Wei Yongjun, linux-wireless, kernel-janitors
'hwname' is malloced in hwsim_new_radio_nl() and should be freed
before leaving from the error handling cases, otherwise it will cause
memory leak.
Fixes: ff4dd73dd2b4 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
---
drivers/net/wireless/mac80211_hwsim.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index e542555..34052c1 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -3155,8 +3155,10 @@ static int hwsim_new_radio_nl(struct sk_buff *msg, struct genl_info *info)
if (info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]) {
u32 idx = nla_get_u32(info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]);
- if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom))
+ if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom)) {
+ kfree(hwname);
return -EINVAL;
+ }
param.regd = hwsim_world_regdom_custom[idx];
}
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net-next] mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
2018-01-18 2:23 [PATCH net-next] mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() Wei Yongjun
@ 2018-01-19 0:38 ` Ben Hutchings
0 siblings, 0 replies; 2+ messages in thread
From: Ben Hutchings @ 2018-01-19 0:38 UTC (permalink / raw)
To: Wei Yongjun, Johannes Berg, Kalle Valo; +Cc: linux-wireless, kernel-janitors
On Thu, 2018-01-18 at 02:23 +0000, Wei Yongjun wrote:
> 'hwname' is malloced in hwsim_new_radio_nl() and should be freed
> before leaving from the error handling cases, otherwise it will cause
> memory leak.
>
> Fixes: ff4dd73dd2b4 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length")
> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Reviewed-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Not sure how I missed this case.
Ben.
> ---
> drivers/net/wireless/mac80211_hwsim.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
> index e542555..34052c1 100644
> --- a/drivers/net/wireless/mac80211_hwsim.c
> +++ b/drivers/net/wireless/mac80211_hwsim.c
> @@ -3155,8 +3155,10 @@ static int hwsim_new_radio_nl(struct sk_buff *msg, struct genl_info *info)
> if (info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]) {
> u32 idx = nla_get_u32(info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]);
>
> - if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom))
> + if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom)) {
> + kfree(hwname);
> return -EINVAL;
> + }
> param.regd = hwsim_world_regdom_custom[idx];
> }
>
>
--
Ben Hutchings
Software Developer, Codethink Ltd.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-01-19 0:39 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-01-18 2:23 [PATCH net-next] mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() Wei Yongjun
2018-01-19 0:38 ` Ben Hutchings
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).