Return-path: Received: from esa5.microchip.iphmx.com ([216.71.150.166]:34176 "EHLO esa5.microchip.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751777AbeCWPJQ (ORCPT ); Fri, 23 Mar 2018 11:09:16 -0400 From: Ajay Singh To: CC: , , , , , , , Ajay Singh Subject: [PATCH 2/9] staging: wilc1000: avoid 'NULL' pointer access in wilc_network_info_received() Date: Fri, 23 Mar 2018 20:38:51 +0530 Message-ID: <1521817738-7557-3-git-send-email-ajay.kathat@microchip.com> (sfid-20180323_160919_473710_D1AD75FA) In-Reply-To: <1521817738-7557-1-git-send-email-ajay.kathat@microchip.com> References: <1521817738-7557-1-git-send-email-ajay.kathat@microchip.com> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-wireless-owner@vger.kernel.org List-ID: Added 'NULL' check before accessing the allocated memory. Free up the memory incase of failure to enqueue the command. Used kmemdup instead of kmalloc & memcpy. Signed-off-by: Ajay Singh --- drivers/staging/wilc1000/host_interface.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index a13998d..70c10bc 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -3453,12 +3453,15 @@ void wilc_network_info_received(struct wilc *wilc, u8 *buffer, u32 length) msg.vif = vif; msg.body.net_info.len = length; - msg.body.net_info.buffer = kmalloc(length, GFP_KERNEL); - memcpy(msg.body.net_info.buffer, buffer, length); + msg.body.net_info.buffer = kmemdup(buffer, length, GFP_KERNEL); + if (!msg.body.net_info.buffer) + return; result = wilc_enqueue_cmd(&msg); - if (result) + if (result) { netdev_err(vif->ndev, "message parameters (%d)\n", result); + kfree(msg.body.net_info.buffer); + } } void wilc_gnrl_async_info_received(struct wilc *wilc, u8 *buffer, u32 length) -- 2.7.4