LinuxLists.cc - [PATCH] staging: rtl8712: rtl871x_ioctl

2014-06-01 11:29:53

Subject: [PATCH] staging: rtl8712: rtl871x_ioctl_linux.c: Cleaning up memory leak

There is a risk for memory leak in when something unexpected happens
and the function returns.

This was largely found by using a static code analysis program called cppcheck.

Signed-off-by: Rickard Strandqvist <[email protected]>
---
drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
index 23d539d..27e0243 100644
--- a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
+++ b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
@@ -1822,6 +1822,7 @@ static int r871x_wx_set_enc_ext(struct net_device *dev,
alg_name = "CCMP";
break;
default:
+ kfree(param);
return -EINVAL;
}
strncpy((char *)param->u.crypt.alg, alg_name, IEEE_CRYPT_ALG_NAME_LEN);
--
1.7.10.4

2014-06-01 22:28:33

by Christian Engelmayer

[permalink] [raw]

Subject: Re: [PATCH] staging: rtl8712: rtl871x_ioctl_linux.c: Cleaning up memory leak

On Sun, 1 Jun 2014 13:30:43 +0200, Rickard Strandqvist <[email protected]> wrote:
> There is a risk for memory leak in when something unexpected happens
> and the function returns.
>
> This was largely found by using a static code analysis program called cppcheck.
>
> Signed-off-by: Rickard Strandqvist <[email protected]>
> ---
> drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> index 23d539d..27e0243 100644
> --- a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> +++ b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> @@ -1822,6 +1822,7 @@ static int r871x_wx_set_enc_ext(struct net_device *dev,
> alg_name = "CCMP";
> break;
> default:
> + kfree(param);
> return -EINVAL;
> }
> strncpy((char *)param->u.crypt.alg, alg_name, IEEE_CRYPT_ALG_NAME_LEN);

Hi Rickard,

This one doesn't apply either. Commit 55d4f6cc (staging: rtl8712: fix potential
leak in r871x_wx_set_enc_ext()) moved the input verification to the beginning
of the function so that the direct return no longer hurt. This change was also
already in flight at the time of Your first version of the patch in May.

Please check that Your patches are based on linux-next.

Best Regards,
Christian

2014-06-02 08:43:32

by Dan Carpenter

[permalink] [raw]

Subject: Re: [PATCH] staging: rtl8712: rtl871x_ioctl_linux.c: Cleaning up memory leak

On Sun, Jun 01, 2014 at 01:30:43PM +0200, Rickard Strandqvist wrote:
> There is a risk for memory leak in when something unexpected happens
> and the function returns.
>
> This was largely found by using a static code analysis program called cppcheck.
>
> Signed-off-by: Rickard Strandqvist <[email protected]>
> ---
> drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> index 23d539d..27e0243 100644
> --- a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> +++ b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> @@ -1822,6 +1822,7 @@ static int r871x_wx_set_enc_ext(struct net_device *dev,
> alg_name = "CCMP";
> break;
> default:
> + kfree(param);

Wat? Param isn't even allocated at this point. It gets allocated a
couple lines later.

regards,
dan carpenter

2014-06-02 22:09:53

by Rickard Strandqvist

[permalink] [raw]

Subject: Re: [PATCH] staging: rtl8712: rtl871x_ioctl_linux.c: Cleaning up memory leak

Hi

Okay, this code has been changed in linux-next, before the allocation
before the switch statement.

Yes, I repeat it to myself.. I'll check everything against linux-next
in the future!

Best regards
Rickard Strandqvist

2014-06-02 10:41 GMT+02:00 Dan Carpenter <[email protected]>:
> On Sun, Jun 01, 2014 at 01:30:43PM +0200, Rickard Strandqvist wrote:
>> There is a risk for memory leak in when something unexpected happens
>> and the function returns.
>>
>> This was largely found by using a static code analysis program called cppcheck.
>>
>> Signed-off-by: Rickard Strandqvist <[email protected]>
>> ---
>> drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
>> index 23d539d..27e0243 100644
>> --- a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
>> +++ b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
>> @@ -1822,6 +1822,7 @@ static int r871x_wx_set_enc_ext(struct net_device *dev,
>> alg_name = "CCMP";
>> break;
>> default:
>> + kfree(param);
>
> Wat? Param isn't even allocated at this point. It gets allocated a
> couple lines later.
>
> regards,
> dan carpenter
>