[PATCH 2/9] staging: wilc1000: avoid 'NULL' pointer access in wilc_network_info_received()
Ajay Singh
ajay.kathat at microchip.com
Fri Mar 23 15:08:51 UTC 2018
Added 'NULL' check before accessing the allocated memory. Free up the
memory incase of failure to enqueue the command. Used kmemdup instead of
kmalloc & memcpy.
Signed-off-by: Ajay Singh <ajay.kathat at microchip.com>
---
drivers/staging/wilc1000/host_interface.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c
index a13998d..70c10bc 100644
--- a/drivers/staging/wilc1000/host_interface.c
+++ b/drivers/staging/wilc1000/host_interface.c
@@ -3453,12 +3453,15 @@ void wilc_network_info_received(struct wilc *wilc, u8 *buffer, u32 length)
msg.vif = vif;
msg.body.net_info.len = length;
- msg.body.net_info.buffer = kmalloc(length, GFP_KERNEL);
- memcpy(msg.body.net_info.buffer, buffer, length);
+ msg.body.net_info.buffer = kmemdup(buffer, length, GFP_KERNEL);
+ if (!msg.body.net_info.buffer)
+ return;
result = wilc_enqueue_cmd(&msg);
- if (result)
+ if (result) {
netdev_err(vif->ndev, "message parameters (%d)\n", result);
+ kfree(msg.body.net_info.buffer);
+ }
}
void wilc_gnrl_async_info_received(struct wilc *wilc, u8 *buffer, u32 length)
--
2.7.4
More information about the devel
mailing list