Message-Id: <1305537629-29876-1-git-send-email-julia@diku.dk>
Date:	Mon, 16 May 2011 11:20:29 +0200
From:	Julia Lawall <julia@...u.dk>
To:	Greg Kroah-Hartman <gregkh@...e.de>
Cc:	kernel-janitors@...r.kernel.org, Vipin Mehta <vmehta@...eros.com>,
	Joe Perches <joe@...ches.com>,
	"Luis R. Rodriguez" <lrodriguez@...eros.com>,
	Naveen Singh <nsingh@...eros.com>, devel@...verdev.osuosl.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] drivers/staging/ath6kl/os/linux/cfg80211.c: Add missing call to cfg80211_put_bss

From: Julia Lawall <julia@...u.dk>

A call to cfg80211_get_bss should be accompanied by a call to
cfg80211_put_bss in error-handling code.

A simplified version of the semantic match that finds this problem is:
(http://coccinelle.lip6.fr/)

// <smpl>
@r exists@
local idexpression struct cfg80211_bss * x;
expression ra,rr;
position p1,p2;
@@

x = cfg80211_get_bss@p1(...)
...  when != x = rr
     when != cfg80211_put_bss(x,...)
     when != if (...) { ... cfg80211_put_bss(x,...) ...}
if(...) { ... when != x = ra
     when forall
     when != cfg80211_put_bss(x,...)
 \(return <+...x...+>; \| return@.....; \) }

@script:python@
p1 << r.p1;
p2 << r.p2;
@@

cocci.print_main("cfg80211_get_bss",p1)
cocci.print_secs("return",p2)

// </smpl>

Signed-off-by: Julia Lawall <julia@...u.dk>

---
I don't really understand the use of the bss variable later.  Afterwards,
along the normal execution path, there is also a call to cfg80211_put_bss,
but at this point bss has been redefined, and I don't have the impression
that it still points to the same value.

 drivers/staging/ath6kl/os/linux/cfg80211.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/staging/ath6kl/os/linux/cfg80211.c b/drivers/staging/ath6kl/os/linux/cfg80211.c
index efd4ae5..1e6a343 100644
--- a/drivers/staging/ath6kl/os/linux/cfg80211.c
+++ b/drivers/staging/ath6kl/os/linux/cfg80211.c
@@ -545,6 +545,7 @@ ar6k_cfg80211_connect_event(struct ar6_softc *ar, u16 channel,
     if(!ieeemgmtbuf) {
             AR_DEBUG_PRINTF(ATH_DEBUG_ERR,
                             ("%s: ieeeMgmtbuf alloc error\n", __func__));
+	    cfg80211_put_bss(bss);
             return;
     }
 
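Review bot: The put added before `return;` in the `if(!ieeemgmtbuf)` branch covers only this one exit, and the note under `---` says bss is reassigned before the cfg80211_put_bss call on the normal path, so please confirm whether that later put releases the reference taken by cfg80211_get_bss or a different one, and handle it in this patch or a follow-up if the original reference is dropped there without a put. Separately, the added line is indented with a tab followed by spaces while the neighbouring AR_DEBUG_PRINTF and return lines use spaces only; match the surrounding indentation so the branch body lines up.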

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
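The pairing rule stated in the commit message, as a userspace C model added here for illustration (it is not code from the patch or from the ath6kl driver). `bss_get`, `bss_put`, `alloc_buf`, `leaked_refs` and the two `connect_event_*` functions are hypothetical stand-ins, and the allocation failure is forced so that the error path runs.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-in for a refcounted BSS entry (not the kernel struct). */
struct bss { int refcount; };
static struct bss entry;                 /* constructed sample object */

/* Hypothetical analogues of cfg80211_get_bss / cfg80211_put_bss. */
static struct bss *bss_get(void) { entry.refcount++; return &entry; }
static void bss_put(struct bss *b) { if (b) b->refcount--; }

/* Allocation that can be forced to fail, to reach the error path. */
static void *alloc_buf(size_t n, int fail) { return fail ? NULL : malloc(n); }

/* Before the fix: the early return skips the put. */
static int connect_event_leaky(int fail_alloc)
{
    struct bss *bss = bss_get();
    void *buf = alloc_buf(64, fail_alloc);
    if (!buf)
        return -1;                       /* reference is never dropped */
    free(buf);
    bss_put(bss);
    return 0;
}

/* After the fix: the error exit also drops the reference. */
static int connect_event_fixed(int fail_alloc)
{
    struct bss *bss = bss_get();
    void *buf = alloc_buf(64, fail_alloc);
    if (!buf) {
        bss_put(bss);
        return -1;
    }
    free(buf);
    bss_put(bss);
    return 0;
}

/* Calls fn n times with failing allocations; returns references left held. */
static int leaked_refs(int (*fn)(int), int n)
{
    int before = entry.refcount;
    for (int i = 0; i < n; i++)
        fn(1);
    return entry.refcount - before;
}

int main(void) { printf("fixed leaks %d\n", leaked_refs(connect_event_fixed, 5)); return 0; }
```

Each failed allocation in the leaky variant leaves one more reference held, so the object can never be freed by its owner; the fixed variant returns the count to its starting value on every exit.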
