There is a risk for memory leak in when something unexpected happens
and the function returns.
This was largely found by using a static code analysis program called cppcheck.
Signed-off-by: Rickard Strandqvist <rickard_strandqvist@xxxxxxxxxxxxxxxxxx>
---
drivers/staging/rtl8712/rtl871x_mlme.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/drivers/staging/rtl8712/rtl871x_mlme.c b/drivers/staging/rtl8712/rtl871x_mlme.c
index 3ea99ae..00bbf40 100644
--- a/drivers/staging/rtl8712/rtl871x_mlme.c
+++ b/drivers/staging/rtl8712/rtl871x_mlme.c
@@ -1249,8 +1249,7 @@ sint r8712_set_key(struct _adapter *adapter,
return _FAIL;
psetkeyparm = (struct setkey_parm *)_malloc(sizeof(struct setkey_parm));
if (psetkeyparm == NULL) {
- kfree((unsigned char *)pcmd);
- return _FAIL;
+ goto err_free_pcmd;
}
memset(psetkeyparm, 0, sizeof(struct setkey_parm));
if (psecuritypriv->AuthAlgrthm == 2) { /* 802.1X */
@@ -1275,7 +1274,7 @@ sint r8712_set_key(struct _adapter *adapter,
break;
case _TKIP_:
if (keyid < 1 || keyid > 2)
- return _FAIL;
+ goto err_free_all;
keylen = 16;
memcpy(psetkeyparm->key,
&psecuritypriv->XGrpKey[keyid - 1], keylen);
@@ -1283,14 +1282,14 @@ sint r8712_set_key(struct _adapter *adapter,
break;
case _AES_:
if (keyid < 1 || keyid > 2)
- return _FAIL;
+ goto err_free_all;
keylen = 16;
memcpy(psetkeyparm->key,
&psecuritypriv->XGrpKey[keyid - 1], keylen);
psetkeyparm->grpkey = 1;
break;
default:
- return _FAIL;
+ goto err_free_all;
}
pcmd->cmdcode = _SetKey_CMD_;
pcmd->parmbuf = (u8 *)psetkeyparm;
@@ -1300,6 +1299,13 @@ sint r8712_set_key(struct _adapter *adapter,
_init_listhead(&pcmd->list);
r8712_enqueue_cmd(pcmdpriv, pcmd);
return _SUCCESS;
+
+err_free_all;
+ kfree(psetkeyparm);
+err_free_pcmd:
+ kfree(pcmd);
+
+ return _FAIL;
}
/* adjust IEs for r8712_joinbss_cmd in WMM */
--
1.7.10.4
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
