| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251218011414.1781294-2-samasth.norway.ananda@oracle.com>
Date: Wed, 17 Dec 2025 17:14:11 -0800
From: Samasth Norway Ananda <samasth.norway.ananda@...cle.com>
To: gregkh@...uxfoundation.org
Cc: linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: [PATCH 1/4] staging: rtl8723bs: fix firmware memory leak on error path
Fix memory leak where firmware is not released on error paths in
rtl8723b_FirmwareDownload().
After successfully calling request_firmware(), if the firmware size
check fails or if kmemdup() fails, the code jumps to the exit label
without calling release_firmware(), causing a memory leak.
Add a release_fw label to properly free the firmware in these er:qror
cases. Also add an error message when firmware size exceeds the limit to
help with debugging.
Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda@...cle.com>
---
drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c b/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c
index 57c83f332e74..0eae624a36f0 100644
--- a/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c
+++ b/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c
@@ -345,14 +345,16 @@ s32 rtl8723b_FirmwareDownload(struct adapter *padapter, bool bUsedWoWLANFw)
}
if (fw->size > FW_8723B_SIZE) {
+ pr_err("Firmware size exceed, max: %d, actual: %zu\n",
+ FW_8723B_SIZE, fw->size);
rtStatus = _FAIL;
- goto exit;
+ goto release_fw;
}
pFirmware->fw_buffer_sz = kmemdup(fw->data, fw->size, GFP_KERNEL);
if (!pFirmware->fw_buffer_sz) {
rtStatus = _FAIL;
- goto exit;
+ goto release_fw;
}
pFirmware->fw_length = fw->size;
@@ -415,6 +417,10 @@ s32 rtl8723b_FirmwareDownload(struct adapter *padapter, bool bUsedWoWLANFw)
goto fwdl_stat;
fwdl_stat:
+ goto exit;
+
+release_fw:
+ release_firmware(fw);
exit:
kfree(pFirmware->fw_buffer_sz);
--
2.50.1
Powered by blists - more mailing lists