2021-07-23 14:36:57

by Dan Carpenter

Subject: Re: [PATCH] iwlwifi: Fix memory leak on reduce_power_data buffer

On Fri, Jul 23, 2021 at 03:11:52PM +0100, Colin King wrote:
> From: Colin Ian King <[email protected]>
>
> In the error case where the TLV length is invalid the allocated
> reduce_power_data buffer pointer is set to ERR_PTR(-EINVAL) without
> first kfree'ing any previous allocated memory. Fix this memory
> leak by kfree'ing it before taking the error return path.
>
> Addresses-Coverity: ("Resource leak")
> Fixes: 9dad325f9d57 ("iwlwifi: support loading the reduced power table from UEFI")
> Signed-off-by: Colin Ian King <[email protected]>
> ---
> drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/net/wireless/intel/iwlwifi/fw/uefi.c b/drivers/net/wireless/intel/iwlwifi/fw/uefi.c
> index a7c79d814aa4..413bfb2ae54d 100644
> --- a/drivers/net/wireless/intel/iwlwifi/fw/uefi.c
> +++ b/drivers/net/wireless/intel/iwlwifi/fw/uefi.c
> @@ -86,6 +86,7 @@ static void *iwl_uefi_reduce_power_section(struct iwl_trans *trans,
> if (len < tlv_len) {
^^^^^^^^^^^^^
Not related to your patch but probably this comparison ought to be done
against aligned tlv_len.

tlv_len = ALIGN(tlv_len, 4);
if (len < tlv_len) {

Especially in the iwl_uefi_reduce_power_parse() function. Or maybe just
if (tlv_len % 0x4 || len < tlv_len)?

regards,
dan carpenter
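
The comparison discussed in the reply above, as an added example (not part of the original message and not the iwlwifi code): a userspace TLV walker that advances by the 4-byte-padded length, showing a record the raw-length check accepts and the aligned check rejects. The record layout, the function names and the sample buffer are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout: two 32-bit host-endian fields, then `length`
 * payload bytes padded up to a 4-byte boundary. */
struct tlv_hdr { uint32_t type; uint32_t length; };

/* Round up in 64 bits so a length near UINT32_MAX cannot wrap to 0. */
static uint64_t align4(uint32_t n) { return ((uint64_t)n + 3) & ~(uint64_t)3; }

/* The comparison as quoted: only the raw length is checked. */
int fits_raw(size_t len, uint32_t tlv_len) { return len >= tlv_len; }

/* The suggested comparison: the padded length must fit as well. */
int fits_aligned(size_t len, uint32_t tlv_len) { return len >= align4(tlv_len); }

/* Return the number of records, or -1 if any record (padding included)
 * runs past the end of the buffer. */
int tlv_count(const uint8_t *data, size_t len)
{
    int count = 0;
    while (len >= sizeof(struct tlv_hdr)) {
        struct tlv_hdr h;
        memcpy(&h, data, sizeof(h));    /* avoids unaligned loads */
        data += sizeof(h);
        len -= sizeof(h);
        if (!fits_aligned(len, h.length))
            return -1;
        /* len >= align4(h.length) here, so this cannot underflow. */
        data += (size_t)align4(h.length);
        len -= (size_t)align4(h.length);
        count++;
    }
    return count;
}

/* Constructed sample: one record with length 5, with or without padding. */
size_t make_sample(uint8_t *buf, int padded)
{
    struct tlv_hdr h = { 1, 5 };
    memcpy(buf, &h, sizeof(h));
    memset(buf + sizeof(h), 0xAA, 8);
    return sizeof(h) + (padded ? 8 : 5);
}

int main(void)
{
    uint8_t buf[16];
    return tlv_count(buf, make_sample(buf, 0)) == -1 ? 0 : 1;
}
```

With only the raw comparison, the unpadded sample would pass the check and the walker would then subtract 8 from a remaining length of 5.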