nl80211: fix possible memory leak nl80211_connect()

connkeys is malloced in nl80211_parse_connkeys() and should be freed in the error handling case, otherwise it will cause memory leak. spatch with a semantic match is used to found this problem. (http://coccinelle.lip6.fr/) Signed-off-by: N Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: N Johannes Berg <johannes.berg@intel.com>

nl80211: fix possible memory leak nl80211_connect()
connkeys is malloced in nl80211_parse_connkeys() and should be freed in the error handling case, otherwise it will cause memory leak. spatch with a semantic match is used to found this problem. (http://coccinelle.lip6.fr/) Signed-off-by: N Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: N Johannes Berg <johannes.berg@intel.com>
b4e4f47e · Wei Yongjun · Johannes Berg · 3d2abdfd · b4e4f47e
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

net/wireless/nl80211.c net/wireless/nl80211.c +3 -1

未找到文件。
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -5633,8 +5633,10 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
 		       sizeof(connect.ht_capa_mask));

 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
-		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
+		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
+			kfree(connkeys);
 			return -EINVAL;
+		}
 		memcpy(&connect.ht_capa,
 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
 		       sizeof(connect.ht_capa));