| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20260120124732.2644702-1-zilin@seu.edu.cn>
Date: Tue, 20 Jan 2026 12:47:32 +0000
From: Zilin Guan <zilin@....edu.cn>
To: johannes@...solutions.net
Cc: chunkeey@...glemail.com,
linux-kernel@...r.kernel.org,
linux-wireless@...r.kernel.org,
quic_rdevanat@...cinc.com,
zilin@....edu.cn
Subject: Re: [PATCH] wifi: p54: Fix memory leak in p54_beacon_update()
On Tue, Jan 20, 2026 at 09:16:05AM +0100, Johannes Berg wrote:
> On Mon, 2026-01-19 at 11:31 +0000, Zilin Guan wrote:
> > In p54_beacon_update(), beacon is allocated via ieee80211_beacon_get().
> > If p54_beacon_format_ie_tim() fails, the function returns immediately
> > without freeing the allocated beacon skb, leading to a memory leak.
> >
> > Since no other references to this memory exist, it must be freed locally
> > before returning the error. Fix this by freeing the buffer using
> > dev_kfree_skb_any() in the error path.
> >
> > Compile tested only. Issue found using a prototype static analysis tool
> > and code review.
> >
> > Fixes: 0ac0d6cedf61 ("p54: Move mac80211 glue code")
>
> That doesn't seem right, although that commit didn't really "move" code,
> it added unused code ... but I think that it probably could go further
> back.
>
> johannes
Thanks for pointing this out. I traced it further back and found the issue
was introduced in commit e5ea92a7528d ("p54: AP & Ad-hoc testing").
I will update the Fixes tag and send v2.
Regards,
Zilin Guan
Powered by blists - more mailing lists