[PATCH] staging: rtl8723au: fix potential leak in update_bcn_wps_ie()

Jes Sorensen Jes.Sorensen at redhat.com
Thu May 1 21:46:57 UTC 2014


Christian Engelmayer <cengelma at gmx.at> writes:
> On Thu, 1 May 2014 14:22:17 +0200, Mateusz Guzik <mguzik at redhat.com> wrote:
>> On Thu, May 01, 2014 at 01:57:27PM +0200, Christian Engelmayer wrote:
>> > Fix a potential leak in the error path of function update_bcn_wps_ie().
>> > Make sure that allocated memory for 'pbackup_remainder_ie' is freed
>> > upon return. Detected by Coverity - CID 1077718.
>> > 
>> 
>>         if (remainder_ielen > 0) {
>>                 pbackup_remainder_ie = kmalloc(remainder_ielen, GFP_ATOMIC);
>>                 if (pbackup_remainder_ie)
>>                         memcpy(pbackup_remainder_ie, premainder_ie,
>>                                remainder_ielen);
>>         }
>> 
>>         pwps_ie_src = pmlmepriv->wps_beacon_ie;
>>         if (pwps_ie_src == NULL)
>>                 return;
>> 
>> 
>> Maybe just check pwps_ie_src earlier?
>> 
>
> You are right, I see no reason why this cannot be done early in the function.

Looks good to me - if you send me a patch with a commit message and a
Signed-off-by, I'll add it to the rtl8723au driver tree and push it to
Greg with my next set of changes.

Cheers,
Jes


More information about the devel mailing list