* [PATCH] wifi: cfg80211: fix memory leak in query_regdb_file()
@ 2022-10-19 11:44 Arend van Spriel
2022-10-24 9:49 ` Kalle Valo
0 siblings, 1 reply; 3+ messages in thread
From: Arend van Spriel @ 2022-10-19 11:44 UTC (permalink / raw)
To: Johannes Berg, arend.vanspriel; +Cc: linux-wireless, Arend van Spriel
In the function query_regdb_file() the alpha2 parameter is duplicated
using kmemdup() and subsequently freed in regdb_fw_cb(). However,
request_firmware_nowait() can fail without calling regdb_fw_cb() and
thus leak memory.
Fixes: 007f6c5e6eb4 ("cfg80211: support loading regulatory database as
firmware file")
Signed-off-by: Arend van Spriel <aspriel@gmail.com>
---
net/wireless/reg.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index ec25924a1c26..f629c2e15fea 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1080,6 +1080,8 @@ static void regdb_fw_cb(const struct firmware
*fw, void *context)
static int query_regdb_file(const char *alpha2)
{
+ int err;
+
ASSERT_RTNL();
if (regdb)
@@ -1089,9 +1091,13 @@ static int query_regdb_file(const char *alpha2)
if (!alpha2)
return -ENOMEM;
- return request_firmware_nowait(THIS_MODULE, true, "regulatory.db",
- ®_pdev->dev, GFP_KERNEL,
- (void *)alpha2, regdb_fw_cb);
+ err = request_firmware_nowait(THIS_MODULE, true, "regulatory.db",
+ ®_pdev->dev, GFP_KERNEL,
+ (void *)alpha2, regdb_fw_cb);
+ if (err)
+ kfree(alpha2);
+
+ return err;
}
int reg_reload_regdb(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] wifi: cfg80211: fix memory leak in query_regdb_file() 2022-10-19 11:44 [PATCH] wifi: cfg80211: fix memory leak in query_regdb_file() Arend van Spriel @ 2022-10-24 9:49 ` Kalle Valo 2022-10-25 8:54 ` Arend van Spriel 0 siblings, 1 reply; 3+ messages in thread From: Kalle Valo @ 2022-10-24 9:49 UTC (permalink / raw) To: Arend van Spriel; +Cc: Johannes Berg, arend.vanspriel, linux-wireless Arend van Spriel <aspriel@gmail.com> writes: > In the function query_regdb_file() the alpha2 parameter is duplicated > using kmemdup() and subsequently freed in regdb_fw_cb(). However, > request_firmware_nowait() can fail without calling regdb_fw_cb() and > thus leak memory. > > Fixes: 007f6c5e6eb4 ("cfg80211: support loading regulatory database as > firmware file") The fixes tag should be in one line. -- https://patchwork.kernel.org/project/linux-wireless/list/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] wifi: cfg80211: fix memory leak in query_regdb_file() 2022-10-24 9:49 ` Kalle Valo @ 2022-10-25 8:54 ` Arend van Spriel 0 siblings, 0 replies; 3+ messages in thread From: Arend van Spriel @ 2022-10-25 8:54 UTC (permalink / raw) To: Kalle Valo, Arend van Spriel; +Cc: Johannes Berg, linux-wireless [-- Attachment #1: Type: text/plain, Size: 519 bytes --] On 10/24/2022 11:49 AM, Kalle Valo wrote: > Arend van Spriel <aspriel@gmail.com> writes: > >> In the function query_regdb_file() the alpha2 parameter is duplicated >> using kmemdup() and subsequently freed in regdb_fw_cb(). However, >> request_firmware_nowait() can fail without calling regdb_fw_cb() and >> thus leak memory. >> >> Fixes: 007f6c5e6eb4 ("cfg80211: support loading regulatory database as >> firmware file") > > The fixes tag should be in one line. Correct,which is why I sent a V2 ;-) Regards, Arend [-- Attachment #2: S/MIME Cryptographic Signature --] [-- Type: application/pkcs7-signature, Size: 4219 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-10-25 8:55 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-10-19 11:44 [PATCH] wifi: cfg80211: fix memory leak in query_regdb_file() Arend van Spriel 2022-10-24 9:49 ` Kalle Valo 2022-10-25 8:54 ` Arend van Spriel
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).