On Thu, 1 May 2014 14:22:17 +0200, Mateusz Guzik <mguzik@xxxxxxxxxx> wrote:
> On Thu, May 01, 2014 at 01:57:27PM +0200, Christian Engelmayer wrote:
> > Fix a potential leak in the error path of function update_bcn_wps_ie().
> > Make sure that allocated memory for 'pbackup_remainder_ie' is freed
> > upon return. Detected by Coverity - CID 1077718.
> >
>
> if (remainder_ielen > 0) {
> pbackup_remainder_ie = kmalloc(remainder_ielen, GFP_ATOMIC);
> if (pbackup_remainder_ie)
> memcpy(pbackup_remainder_ie, premainder_ie,
> remainder_ielen);
> }
>
> pwps_ie_src = pmlmepriv->wps_beacon_ie;
> if (pwps_ie_src == NULL)
> return;
>
>
> Maybe just check pwps_ie_src earlier?
>
You are right, I see no reason why this cannot be done early in the function.
diff --git a/drivers/staging/rtl8723au/core/rtw_ap.c b/drivers/staging/rtl8723au/core/rtw_ap.c
index 9b31412..da028c535 100644
--- a/drivers/staging/rtl8723au/core/rtw_ap.c
+++ b/drivers/staging/rtl8723au/core/rtw_ap.c
@@ -1256,6 +1256,10 @@ static void update_bcn_wps_ie(struct rtw_adapter *padapter)
DBG_8723A("%s\n", __func__);
+ pwps_ie_src = pmlmepriv->wps_beacon_ie;
+ if (pwps_ie_src == NULL)
+ return;
+
pwps_ie = rtw_get_wps_ie23a(ie+_FIXED_IE_LENGTH_, ielen-_FIXED_IE_LENGTH_, NULL, &wps_ielen);
if (pwps_ie == NULL || wps_ielen == 0)
@@ -1274,10 +1278,6 @@ static void update_bcn_wps_ie(struct rtw_adapter *padapter)
remainder_ielen);
}
- pwps_ie_src = pmlmepriv->wps_beacon_ie;
- if (pwps_ie_src == NULL)
- return;
-
wps_ielen = (uint)pwps_ie_src[1];/* to get ie data len */
if ((wps_offset+wps_ielen+2+remainder_ielen)<= MAX_IE_SZ)
{
Regards,
Christian
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
