| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20191026045331.1097-1-navid.emamdoost@gmail.com>
Date: Fri, 25 Oct 2019 23:53:30 -0500
From: Navid Emamdoost <navid.emamdoost@...il.com>
To: unlisted-recipients:; (no To-header on input)
Cc: emamd001@....edu, kjlu@....edu, smccaman@....edu,
Navid Emamdoost <navid.emamdoost@...il.com>,
Inaky Perez-Gonzalez <inaky.perez-gonzalez@...el.com>,
linux-wimax@...el.com, "David S. Miller" <davem@...emloft.net>,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
In the implementation of i2400m_op_rfkill_sw_toggle() the allocated
buffer for cmd should be released before returning. The
documentation for i2400m_msg_to_dev() says when it returns the buffer
can be reused. Meaning cmd should be released in either case. Move
kfree(cmd) before return to be reached by all execution paths.
Fixes: 2507e6ab7a9a ("wimax: i2400: fix memory leak")
Signed-off-by: Navid Emamdoost <navid.emamdoost@...il.com>
---
drivers/net/wimax/i2400m/op-rfkill.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wimax/i2400m/op-rfkill.c b/drivers/net/wimax/i2400m/op-rfkill.c
index 8efb493ceec2..5c79f052cad2 100644
--- a/drivers/net/wimax/i2400m/op-rfkill.c
+++ b/drivers/net/wimax/i2400m/op-rfkill.c
@@ -127,12 +127,12 @@ int i2400m_op_rfkill_sw_toggle(struct wimax_dev *wimax_dev,
"%d\n", result);
result = 0;
error_cmd:
- kfree(cmd);
kfree_skb(ack_skb);
error_msg_to_dev:
error_alloc:
d_fnend(4, dev, "(wimax_dev %p state %d) = %d\n",
wimax_dev, state, result);
+ kfree(cmd);
return result;
}
--
2.17.1
Powered by blists - more mailing lists