[PATCH 4.1 46/95] nl80211: Fix potential memory leak from parse_acl_data

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Ola Olsson <ola.olsson@sonymobile.com>,
	Johannes Berg <johannes.berg@intel.com>
Subject: [PATCH 4.1 46/95] nl80211: Fix potential memory leak from parse_acl_data
Date: Mon,  7 Dec 2015 09:35:40 -0500	[thread overview]
Message-ID: <20151207142741.584184739@linuxfoundation.org> (raw)
In-Reply-To: <20151207142739.317088107@linuxfoundation.org>

4.1-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ola Olsson <ola1olsson@gmail.com>

commit 4baf6bea37247e59f1971e8009d13aeda95edba2 upstream.

If parse_acl_data succeeds but the subsequent parsing of smps
attributes fails, there will be a memory leak due to early returns.
Fix that by moving the ACL parsing later.

Fixes: 18998c381b19b ("cfg80211: allow requesting SMPS mode on ap start")
Signed-off-by: Ola Olsson <ola.olsson@sonymobile.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/wireless/nl80211.c |   12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3407,12 +3407,6 @@ static int nl80211_start_ap(struct sk_bu
 				     wdev->iftype))
 		return -EINVAL;
 
-	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
-		params.acl = parse_acl_data(&rdev->wiphy, info);
-		if (IS_ERR(params.acl))
-			return PTR_ERR(params.acl);
-	}
-
 	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
 		params.smps_mode =
 			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
@@ -3436,6 +3430,12 @@ static int nl80211_start_ap(struct sk_bu
 		params.smps_mode = NL80211_SMPS_OFF;
 	}
 
+	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
+		params.acl = parse_acl_data(&rdev->wiphy, info);
+		if (IS_ERR(params.acl))
+			return PTR_ERR(params.acl);
+	}
+
 	wdev_lock(wdev);
 	err = rdev_start_ap(rdev, dev, &params);
 	if (!err) {

next prev parent reply	other threads:[~2015-12-07 14:35 UTC|newest]

Thread overview: 90+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-07 14:34 [PATCH 4.1 00/95] 4.1.14-stable review Greg Kroah-Hartman
2015-12-07 14:34 ` [PATCH 4.1 02/95] tipc: allow non-linear first fragment buffer Greg Kroah-Hartman
2015-12-07 14:34 ` [PATCH 4.1 04/95] macvtap: unbreak receiving of gro skb with frag list Greg Kroah-Hartman
2015-12-07 14:34 ` [PATCH 4.1 05/95] ppp: fix pppoe_dev deletion condition in pppoe_release() Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 06/95] ipv6: gre: support SIT encapsulation Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 07/95] fib_trie: leaf_walk_rcu should not compute key if key is less than pn->key Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 08/95] RDS-TCP: Recover correctly from pskb_pull()/pksb_trim() failure in rds_tcp_data_recv Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 09/95] net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 10/95] tipc: linearize arriving NAME_DISTR and LINK_PROTO buffers Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 11/95] stmmac: Correctly report PTP capabilities Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 12/95] ipmr: fix possible race resulting from improper usage of IP_INC_STATS_BH() in preemptible context Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 14/95] sit: fix sit0 percpu double allocations Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 15/95] sfc: push partner queue for skb->xmit_more Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 16/95] net: avoid NULL deref in inet_ctl_sock_destroy() Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 17/95] ipv6: clean up dev_snmp6 proc entry when we fail to initialize inet6_dev Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 18/95] ipv4: disable BH when changing ip local port range Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 19/95] packet: race condition in packet_bind Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 20/95] net: fix a race in dst_release() Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 21/95] virtio-net: drop NETIF_F_FRAGLIST Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 22/95] RDS: verify the underlying transport exists before creating a connection Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 23/95] ARM: 8426/1: dma-mapping: add missing range check in dma_mmap() Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 24/95] ARM: 8427/1: dma-mapping: add support for offset parameter " Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 25/95] ARM: common: edma: Fix channel parameter for irq callbacks Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 26/95] ARM: dts: imx27.dtsi: change the clock information for usb Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 27/95] ARM: tegra: paz00: use con_ids to refer GPIOs in gpiod_lookup table Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 28/95] ARM: at91/dt: corrections to i2c1 declaration to sama5d4 Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 29/95] ARM: at91: pm: at91_pm_suspend_in_sram() must be 8-byte aligned Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 30/95] ARM: dts: Fix WLAN regression on omap5-uevm Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 31/95] ARM: pxa: remove incorrect __init annotation on pxa27x_set_pwrmode Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 32/95] MIPS: lantiq: add clk_round_rate() Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 33/95] MIPS: KVM: Fix ASID restoration logic Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 34/95] MIPS: KVM: Fix CACHE immediate offset sign extension Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 35/95] MIPS: KVM: Uninit VCPU in vcpu_create error path Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 37/95] KVM: x86: work around infinite loop in microcode when #AC is delivered Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 38/95] x86/setup: Extend low identity map to cover whole kernel range Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 39/95] x86/setup: Fix low identity map for >= 2GB " Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 40/95] x86/cpu: Call verify_cpu() after having entered long mode too Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 41/95] x86/cpu: Fix SMAP check in PVOPS environments Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 42/95] mac80211: Fix local deauth while associating Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 43/95] mac80211: fix driver RSSI event calculations Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 44/95] mac80211: allow null chandef in tracing Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 45/95] mac80211: fix divide by zero when NOA update Greg Kroah-Hartman
2015-12-07 14:35 ` Greg Kroah-Hartman [this message]
2015-12-07 14:35 ` [PATCH 4.1 47/95] NFC: nci: Fix incorrect data chaining when sending data Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 48/95] NFC: nci: Fix improper management of HCI return code Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 49/95] NFC: nci: extract pipe value using NCI_HCP_MSG_GET_PIPE Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 50/95] iwlwifi: pcie: fix (again) prepare card flow Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 51/95] iwlwifi: Add new PCI IDs for the 8260 series Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 52/95] net: mvneta: Fix CPU_MAP registers initialisation Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 53/95] fs/proc, core/debug: Dont expose absolute kernel addresses via wchan Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 54/95] clk: versatile-icst: fix memory leak Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 55/95] mfd: twl6040: Fix deferred probe handling for clk32k Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 56/95] mwifiex: fix mwifiex_rdeeprom_read() Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 57/95] staging: rtl8712: Add device ID for Sitecom WLA2100 Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 58/95] Bluetooth: hidp: fix device disconnect on idle timeout Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 59/95] Bluetooth: ath3k: Add new AR3012 0930:021c id Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 60/95] Bluetooth: ath3k: Add support of AR3012 0cf3:817b device Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 61/95] Bluetooth: Fix removing connection parameters when unpairing Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 62/95] can: Use correct type in sizeof() in nla_put() Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 63/95] can: sja1000: clear interrupts on start Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 64/95] arm64: Fix compat register mappings Greg Kroah-Hartman
2015-12-07 14:35 ` [PATCH 4.1 65/95] arm64: page-align sections for DEBUG_RODATA Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 66/95] ath10k: fix invalid NSS for 4x4 devices Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 67/95] KVM: s390: SCA must not cross page boundaries Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 68/95] KVM: s390: fix wrong lookup of VCPUs by array index Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 69/95] KVM: s390: avoid memory overwrites on emergency signal injection Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 71/95] usb: gadget: atmel_usba_udc: Expose correct device speed Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 72/95] usb: dwc3: gadget: let us set lower max_speed Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 73/95] usb: chipidea: otg: gadget module load and unload support Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 74/95] usb: dwc3: pci: Add the Synopsys HAPS AXI Product ID Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 75/95] usb: dwc3: pci: Add the PCI Product ID for Synopsys USB 3.1 Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 76/95] usb: dwc3: Support Synopsys USB 3.1 IP Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 77/95] usb: dwc3: pci: Add platform data for Synopsys HAPS Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 78/95] usb: chipidea: imx: refine clock operations to adapt for all platforms Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 79/95] ALSA: usb: Add native DSD support for Aune X1S Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 80/95] usb: ehci-orion: fix probe for !GENERIC_PHY Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 81/95] usblp: do not set TASK_INTERRUPTIBLE before lock Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 85/95] USB: ti_usb_3410_5052: Add Honeywell HGI80 ID Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 88/95] ALSA: usb-audio: add packet size quirk for the Medeli DD305 Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 89/95] ALSA: usb-audio: prevent CH345 multiport output SysEx corruption Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 90/95] ALSA: usb-audio: work around CH345 input " Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 92/95] tty: Fix tty_send_xchar() lock order inversion Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 93/95] xhci: Workaround to get Intel xHCI reset working more reliably Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 94/95] staging/lustre: use jiffies for lp_last_query times Greg Kroah-Hartman
2015-12-07 14:36 ` [PATCH 4.1 95/95] KVM: s390: enable SIMD only when no VCPUs were created Greg Kroah-Hartman
2015-12-07 17:18 ` [PATCH 4.1 00/95] 4.1.14-stable review Shuah Khan
     [not found] ` <20151207142739.500311914@linuxfoundation.org>
2015-12-07 17:21   ` [PATCH 4.1 03/95] qmi_wwan: add Sierra Wireless MC74xx/EM74xx Bjørn Mork
2015-12-09  3:28     ` Greg Kroah-Hartman
2015-12-07 21:26 ` [PATCH 4.1 00/95] 4.1.14-stable review Guenter Roeck
2015-12-09  3:19   ` Greg Kroah-Hartman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151207142741.584184739@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=johannes.berg@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=ola.olsson@sonymobile.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).