2022-10-19 12:12:09

by Arend Van Spriel

Subject: [PATCH] wifi: cfg80211: fix memory leak in query_regdb_file()

In the function query_regdb_file() the alpha2 parameter is duplicated
using kmemdup() and subsequently freed in regdb_fw_cb(). However,
request_firmware_nowait() can fail without calling regdb_fw_cb() and
thus leak memory.

Fixes: 007f6c5e6eb4 ("cfg80211: support loading regulatory database as
firmware file")
Signed-off-by: Arend van Spriel <[email protected]>
---
net/wireless/reg.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index ec25924a1c26..f629c2e15fea 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1080,6 +1080,8 @@ static void regdb_fw_cb(const struct firmware
*fw, void *context)

static int query_regdb_file(const char *alpha2)
{
+ int err;
+
ASSERT_RTNL();

if (regdb)
@@ -1089,9 +1091,13 @@ static int query_regdb_file(const char *alpha2)
if (!alpha2)
return -ENOMEM;

- return request_firmware_nowait(THIS_MODULE, true, "regulatory.db",
- &reg_pdev->dev, GFP_KERNEL,
- (void *)alpha2, regdb_fw_cb);
+ err = request_firmware_nowait(THIS_MODULE, true, "regulatory.db",
+ &reg_pdev->dev, GFP_KERNEL,
+ (void *)alpha2, regdb_fw_cb);
+ if (err)
+ kfree(alpha2);
+
+ return err;
}

int reg_reload_regdb(void)
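
Review bot: The new `if (err) kfree(alpha2);` path at the end of query_regdb_file() is only safe if request_firmware_nowait() never invokes regdb_fw_cb() once it has returned a non-zero value; otherwise the free in the callback and this one would hit the same buffer. The commit message says the failure happens without the callback being called, so a one-line comment above the check stating that ownership of alpha2 passes to regdb_fw_cb() only on success would make that contract visible to later readers. It would also help to say that the pointer freed here is the duplicate tested by `if (!alpha2) return -ENOMEM;` and not the caller's buffer, since the parameter name is reused for both.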
--
2.35.1


2022-10-24 10:02:46

by Kalle Valo

Subject: Re: [PATCH] wifi: cfg80211: fix memory leak in query_regdb_file()

Arend van Spriel <[email protected]> writes:

> In the function query_regdb_file() the alpha2 parameter is duplicated
> using kmemdup() and subsequently freed in regdb_fw_cb(). However,
> request_firmware_nowait() can fail without calling regdb_fw_cb() and
> thus leak memory.
>
> Fixes: 007f6c5e6eb4 ("cfg80211: support loading regulatory database as
> firmware file")

The fixes tag should be in one line.

--
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

2022-10-25 09:06:35

by Arend van Spriel

Subject: Re: [PATCH] wifi: cfg80211: fix memory leak in query_regdb_file()

On 10/24/2022 11:49 AM, Kalle Valo wrote:
> Arend van Spriel <[email protected]> writes:
>
>> In the function query_regdb_file() the alpha2 parameter is duplicated
>> using kmemdup() and subsequently freed in regdb_fw_cb(). However,
>> request_firmware_nowait() can fail without calling regdb_fw_cb() and
>> thus leak memory.
>>
>> Fixes: 007f6c5e6eb4 ("cfg80211: support loading regulatory database as
>> firmware file")
>
> The fixes tag should be in one line.

Correct, which is why I sent a V2 ;-)

Regards,
Arend

