| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Nov 2013 12:13:37 +0000
From: "Hante Meuleman" <meuleman@...adcom.com>
To: "Geyslan G. Bem" <geyslan@...il.com>
cc: "Brett Rudley" <brudley@...adcom.com>,
"Arend Van Spriel" <arend@...adcom.com>,
"Franky Lin" <frankyl@...adcom.com>,
"John W. Linville" <linville@...driver.com>,
"Pieter-Paul Giesberts" <pieterpg@...adcom.com>,
"Piotr Haber" <phaber@...adcom.com>,
"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
brcm80211-dev-list <brcm80211-dev-list@...adcom.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] brcmfmac: fix possible memory leak
Good find, wrong solution. The chanspecs is a temporarily variable which should be freed when exiting the function. Not only when there is an error. I personally would have preferred just a free at the end of the " if (request->n_channels) {". So something like this:
}
err = brcmf_p2p_escan(p2p, num_nodfs, chanspecs, search_state,
action, P2PAPI_BSSCFG_DEVICE);
+ kfree(chanspecs);
}
In this case the pointer doesn't have to be initialized to NULL.
Regards,
Hante
-----Original Message-----
From: Geyslan G. Bem [mailto:geyslan@...il.com]
Sent: vrijdag 15 november 2013 12:54
To: geyslan@...il.com
Cc: Brett Rudley; Arend Van Spriel; Franky Lin; Hante Meuleman; John W. Linville; Pieter-Paul Giesberts; Piotr Haber; linux-wireless@...r.kernel.org; brcm80211-dev-list; netdev@...r.kernel.org; linux-kernel@...r.kernel.org
Subject: [PATCH] brcmfmac: fix possible memory leak
In case of error free 'chanspecs'.
Signed-off-by: Geyslan G. Bem <geyslan@...il.com>
---
drivers/net/wireless/brcm80211/brcmfmac/p2p.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
index d7a9745..aea2c2e 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
@@ -771,7 +771,7 @@ static s32 brcmf_p2p_run_escan(struct brcmf_cfg80211_info *cfg,
struct brcmf_cfg80211_vif *vif;
struct net_device *dev = NULL;
int i, num_nodfs = 0;
- u16 *chanspecs;
+ u16 *chanspecs = NULL;
brcmf_dbg(TRACE, "enter\n");
@@ -825,8 +825,10 @@ static s32 brcmf_p2p_run_escan(struct brcmf_cfg80211_info *cfg,
action, P2PAPI_BSSCFG_DEVICE);
}
exit:
- if (err)
+ if (err) {
brcmf_err("error (%d)\n", err);
+ kfree(chanspecs);
+ }
return err;
}
--
1.8.4.2
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists