lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20170602154045.28948-1-colin.king@canonical.com>
Date:   Fri,  2 Jun 2017 16:40:45 +0100
From:   Colin King <colin.king@...onical.com>
To:     Igor Mitsyanko <imitsyanko@...ntenna.com>,
        Avinash Patil <avinashp@...ntenna.com>,
        Sergey Matyukevich <smatyukevich@...ntenna.com>,
        Kalle Valo <kvalo@...eaurora.org>,
        Dmitrii Lebed <dlebed@...ntenna.com>,
        Huizhao Wang <hwang@...ntenna.com>,
        linux-wireless@...r.kernel.org, netdev@...r.kernel.org
Cc:     kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH][wireless-next] qtnfmac: check band before allocating cmd_skb to avoid resource leak

From: Colin Ian King <colin.king@...onical.com>

The current code allocates cmd_skb and then will leak this if band->band
is an illegal value. It is simpler to sanity check the band first before
allocating cmd_skb so that we don't have to free cmd_skb if an invalid
band occurs.

Detected by CoverityScan, CID#1437561 ("Resource Leak")

Signed-off-by: Colin Ian King <colin.king@...onical.com>
---
 drivers/net/wireless/quantenna/qtnfmac/commands.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/net/wireless/quantenna/qtnfmac/commands.c b/drivers/net/wireless/quantenna/qtnfmac/commands.c
index f0a0cfa7d8a1..cce62f39edaf 100644
--- a/drivers/net/wireless/quantenna/qtnfmac/commands.c
+++ b/drivers/net/wireless/quantenna/qtnfmac/commands.c
@@ -1300,12 +1300,6 @@ int qtnf_cmd_get_mac_chan_info(struct qtnf_wmac *mac,
 	int ret = 0;
 	u8 qband;
 
-	cmd_skb = qtnf_cmd_alloc_new_cmdskb(mac->macid, 0,
-					    QLINK_CMD_CHANS_INFO_GET,
-					    sizeof(*cmd));
-	if (!cmd_skb)
-		return -ENOMEM;
-
 	switch (band->band) {
 	case NL80211_BAND_2GHZ:
 		qband = QLINK_BAND_2GHZ;
@@ -1320,6 +1314,12 @@ int qtnf_cmd_get_mac_chan_info(struct qtnf_wmac *mac,
 		return -EINVAL;
 	}
 
+	cmd_skb = qtnf_cmd_alloc_new_cmdskb(mac->macid, 0,
+					    QLINK_CMD_CHANS_INFO_GET,
+					    sizeof(*cmd));
+	if (!cmd_skb)
+		return -ENOMEM;
+
 	cmd = (struct qlink_cmd_chans_info_get *)cmd_skb->data;
 	cmd->band = qband;
 	ret = qtnf_cmd_send_with_reply(mac->bus, cmd_skb, &resp_skb, &res_code,
-- 
2.11.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ