From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Johannes Berg <johannes.berg@intel.com>,
	Sasha Levin <sashal@kernel.org>,
	linux-wireless@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.4 20/58] nl80211: fix potential leak in AP start
Date: Thu,  5 Mar 2020 12:13:41 -0500
Message-ID: <20200305171420.29595-20-sashal@kernel.org>
In-Reply-To: <20200305171420.29595-1-sashal@kernel.org>

From: Johannes Berg <johannes.berg@intel.com>

[ Upstream commit 9951ebfcdf2b97dbb28a5d930458424341e61aa2 ]

If nl80211_parse_he_obss_pd() fails, we leak the previously
allocated ACL memory. Free it in this case.

Fixes: 796e90f42b7e ("cfg80211: add support for parsing OBBS_PD attributes")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20200221104142.835aba4cdd14.I1923b55ba9989c57e13978f91f40bfdc45e60cbd@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/wireless/nl80211.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index c74646b7a751f..78c2d9359fc72 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -4794,8 +4794,7 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
 		err = nl80211_parse_he_obss_pd(
 					info->attrs[NL80211_ATTR_HE_OBSS_PD],
 					&params.he_obss_pd);
-		if (err)
-			return err;
+		goto out;
 	}
 
 	nl80211_calculate_ap_params(&params);
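
Review bot: the `goto out;` added after the nl80211_parse_he_obss_pd() call is unconditional, because the `if (err)` line was removed together with `return err;`. As posted, every pass through this block jumps to `out` even when parsing succeeded, so nl80211_calculate_ap_params(&params) and everything else up to the label is skipped and the function returns the parser's result without starting the AP. The commit message says the free is meant for the failure case only, so the check should stay: keep `if (err)` and replace only `return err;` with `goto out;`.
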
@@ -4817,6 +4816,7 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
 	}
 	wdev_unlock(wdev);
 
+out:
 	kfree(params.acl);
 
 	return err;
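
Review bot: the `out:` label is placed after `wdev_unlock(wdev)`, so it is only a valid target for code that runs before the wdev lock is taken; the matching lock call is not visible in either hunk and should be confirmed to sit below the new `goto out` site. A one-line comment at the label stating that it is for pre-lock error exits would stop a later `goto out` from being added inside the locked region, where it would skip the unlock. It is also worth checking whether any other `return err` between the ACL allocation and this point leaks params.acl in the same way, since this patch converts only the one exit.
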
-- 
2.20.1

