2018-01-18 02:17:13

by Wei Yongjun

Subject: [PATCH net-next] mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()

'hwname' is malloced in hwsim_new_radio_nl() and should be freed
before leaving from the error handling cases, otherwise it will cause
a memory leak.

Fixes: ff4dd73dd2b4 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length")
Signed-off-by: Wei Yongjun <[email protected]>
---
drivers/net/wireless/mac80211_hwsim.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index e542555..34052c1 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -3155,8 +3155,10 @@ static int hwsim_new_radio_nl(struct sk_buff *msg, struct genl_info *info)
if (info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]) {
u32 idx = nla_get_u32(info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]);

- if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom))
+ if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom)) {
+ kfree(hwname);
return -EINVAL;
+ }
param.regd = hwsim_world_regdom_custom[idx];
}
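
Review bot: The `kfree(hwname)` added inside the `idx >= ARRAY_SIZE(hwsim_world_regdom_custom)` branch covers this one return site only, so any other early return between the allocation of `hwname` and the point where it is handed off needs the same line added by hand. Consider routing error exits through a single cleanup label (for example `goto out_free;` with `kfree(hwname); return ret;` at the label), so that a later early return cannot reintroduce the leak. `kfree(NULL)` is a no-op, so the label is safe even when `hwname` is NULL.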


2018-01-19 00:39:02

by Ben Hutchings

Subject: Re: [PATCH net-next] mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()

On Thu, 2018-01-18 at 02:23 +0000, Wei Yongjun wrote:
> 'hwname' is malloced in hwsim_new_radio_nl() and should be freed
> before leaving from the error handling cases, otherwise it will cause
> a memory leak.
>
> Fixes: ff4dd73dd2b4 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length")
> Signed-off-by: Wei Yongjun <[email protected]>

Reviewed-by: Ben Hutchings <[email protected]>

Not sure how I missed this case.

Ben.

> ---
>  drivers/net/wireless/mac80211_hwsim.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
> index e542555..34052c1 100644
> --- a/drivers/net/wireless/mac80211_hwsim.c
> +++ b/drivers/net/wireless/mac80211_hwsim.c
> @@ -3155,8 +3155,10 @@ static int hwsim_new_radio_nl(struct sk_buff *msg, struct genl_info *info)
>   if (info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]) {
>   u32 idx = nla_get_u32(info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]);
>  
> - if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom))
> + if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom)) {
> + kfree(hwname);
>   return -EINVAL;
> + }
>   param.regd = hwsim_world_regdom_custom[idx];
>   }
>
>
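
Review bot: The changelog does not say how the leaking path is reached, although the hunk shows it: `idx` is read with `nla_get_u32()` from `HWSIM_ATTR_REG_CUSTOM_REG`, so the `return -EINVAL` is taken on a caller-supplied out-of-range value and, before this change, each such request left the `hwname` allocation unfreed. A sentence in the commit message stating that the leak is triggered by an invalid custom regdomain index in the netlink request would help anyone assessing the fix for backporting.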
--
Ben Hutchings
Software Developer, Codethink Ltd.