On Sat, 3 May 2014 23:06:50 +0300, Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> Many of my other comments apply.
>
> > diff --git a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> > index 23d539d..1d4475d 100644
> > --- a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> > +++ b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> > max_rate *= 2; /* Mbps/2 */
> > @@ -1822,6 +1814,7 @@ static int r871x_wx_set_enc_ext(struct net_device *dev,
> > alg_name = "CCMP";
> > break;
> > default:
> > + kfree(param);
> > return -EINVAL;
>
> Good. But this belongs in a separate patch.
>
There's a patch proposal from 2014-05-01 this week that addresses this issue,
see "[PATCH] staging: rtl8712: fix potential leak in r871x_wx_set_enc_ext()"
> > }
> > strncpy((char *)param->u.crypt.alg, alg_name, IEEE_CRYPT_ALG_NAME_LEN);
> > diff --git a/drivers/staging/rtl8712/rtl871x_mlme.c b/drivers/staging/rtl8712/rtl871x_mlme.c
> > index 3ea99ae..f126763 100644
> > --- a/drivers/staging/rtl8712/rtl871x_mlme.c
> > +++ b/drivers/staging/rtl8712/rtl871x_mlme.c
> > @@ -1274,22 +1274,30 @@ sint r8712_set_key(struct _adapter *adapter,
> > psecuritypriv->DefKey[keyid].skey, keylen);
> > break;
> > case _TKIP_:
> > - if (keyid < 1 || keyid > 2)
> > + if (keyid < 1 || keyid > 2) {
> > + kfree((unsigned char *)pcmd);
> > + kfree((unsigned char *)psetkeyparm);
> > return _FAIL;
>
> The cast is wrong and anyway it's not needed. This should be:
>
> ret = _FAIL;
> goto err_free_keyparm;
>
same here, see "[PATCH] staging: rtl8712: fix potential leaks in r8712_set_key()".
Regards,
Christian
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
