There is a risk for memory leak in when something unexpected happens
and the function returns.
This was largely found by using a static code analysis program called cppcheck.
Signed-off-by: Rickard Strandqvist <[email protected]>
---
drivers/staging/rtl8712/rtl871x_mlme.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/drivers/staging/rtl8712/rtl871x_mlme.c b/drivers/staging/rtl8712/rtl871x_mlme.c
index 3ea99ae..00bbf40 100644
--- a/drivers/staging/rtl8712/rtl871x_mlme.c
+++ b/drivers/staging/rtl8712/rtl871x_mlme.c
@@ -1249,8 +1249,7 @@ sint r8712_set_key(struct _adapter *adapter,
return _FAIL;
psetkeyparm = (struct setkey_parm *)_malloc(sizeof(struct setkey_parm));
if (psetkeyparm == NULL) {
- kfree((unsigned char *)pcmd);
- return _FAIL;
+ goto err_free_pcmd;
}
memset(psetkeyparm, 0, sizeof(struct setkey_parm));
if (psecuritypriv->AuthAlgrthm == 2) { /* 802.1X */
@@ -1275,7 +1274,7 @@ sint r8712_set_key(struct _adapter *adapter,
break;
case _TKIP_:
if (keyid < 1 || keyid > 2)
- return _FAIL;
+ goto err_free_all;
keylen = 16;
memcpy(psetkeyparm->key,
&psecuritypriv->XGrpKey[keyid - 1], keylen);
@@ -1283,14 +1282,14 @@ sint r8712_set_key(struct _adapter *adapter,
break;
case _AES_:
if (keyid < 1 || keyid > 2)
- return _FAIL;
+ goto err_free_all;
keylen = 16;
memcpy(psetkeyparm->key,
&psecuritypriv->XGrpKey[keyid - 1], keylen);
psetkeyparm->grpkey = 1;
break;
default:
- return _FAIL;
+ goto err_free_all;
}
pcmd->cmdcode = _SetKey_CMD_;
pcmd->parmbuf = (u8 *)psetkeyparm;
@@ -1300,6 +1299,13 @@ sint r8712_set_key(struct _adapter *adapter,
_init_listhead(&pcmd->list);
r8712_enqueue_cmd(pcmdpriv, pcmd);
return _SUCCESS;
+
+err_free_all;
+ kfree(psetkeyparm);
+err_free_pcmd:
+ kfree(pcmd);
+
+ return _FAIL;
}
/* adjust IEs for r8712_joinbss_cmd in WMM */
--
1.7.10.4
On Sun, 1 Jun 2014 13:32:20 +0200, Rickard Strandqvist <[email protected]> wrote:
> There is a risk for memory leak in when something unexpected happens
> and the function returns.
>
> This was largely found by using a static code analysis program called cppcheck.
>
> Signed-off-by: Rickard Strandqvist <[email protected]>
This doesn't apply against staging-next. This fix seems to attack the same
problem as existing commit 2af9e74 (staging: rtl8712: fix potential leaks in
r8712_set_key()) - http://www.spinics.net/lists/linux-driver-devel/msg46501.html
I think we talked about that already - see
http://www.spinics.net/lists/linux-driver-devel/msg46294.html
Regards,
Christian
Hi Christian!
Yes! I mail about this for the first time in early May, but ther were
many other faults in the design of my patch, had several different
types of errors in the same path etc.
So good that they have already been solved then :)
Best regards
Rickard Strandqvist
2014-06-01 23:50 GMT+02:00 Christian Engelmayer <[email protected]>:
> On Sun, 1 Jun 2014 13:32:20 +0200, Rickard Strandqvist <[email protected]> wrote:
>> There is a risk for memory leak in when something unexpected happens
>> and the function returns.
>>
>> This was largely found by using a static code analysis program called cppcheck.
>>
>> Signed-off-by: Rickard Strandqvist <[email protected]>
>
> This doesn't apply against staging-next. This fix seems to attack the same
> problem as existing commit 2af9e74 (staging: rtl8712: fix potential leaks in
> r8712_set_key()) - http://www.spinics.net/lists/linux-driver-devel/msg46501.html
>
> I think we talked about that already - see
> http://www.spinics.net/lists/linux-driver-devel/msg46294.html
>
> Regards,
> Christian