Line 5961 (#1) allocates a memory chunk for input by kmalloc().
Line 5966 (#2), line 5982 (#4) and line 5987 (#5) free the input
before the function returns while line 5979 (#3) forget to free it,
which will lead to a memory leak.
We should kfree() input in line 5979 (#3).
5953 static int rtw_mp_pwrtrk(struct net_device *dev,
5954 struct iw_request_info *info,
5955 struct iw_point *wrqu, char *extra)
5956 {
5961 char *input = kmalloc(wrqu->length, GFP_KERNEL);
// #1: kmalloc space
5963 if (!input)
5964 return -ENOMEM;
5965 if (copy_from_user(input, wrqu->pointer, wrqu->length)) {
5966 kfree(input); // #2: kfree space
5967 return -EFAULT;
5968 }
5973 if (strncmp(input, "stop", 4) == 0) {
5974 enable = 0;
5975 sprintf(extra, "mp tx power tracking stop");
5976 } else if (sscanf(input, "ther =%d", &thermal)) {
5977 ret = Hal_SetThermalMeter(padapter, (u8)thermal);
5978 if (ret == _FAIL)
5979 return -EPERM; // #3: missing kfree
5980 sprintf(extra, "mp tx power tracking start,
target value =%d ok ", thermal);
5981 } else {
5982 kfree(input); // #4: kfree space
5983 return -EINVAL;
5984 }
5987 kfree(input); // #5: kfree space
5993 return 0;
5994 }
Signed-off-by: Jianglei Nie <niejianglei2021@xxxxxxx>
---
drivers/staging/r8188eu/os_dep/ioctl_linux.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/r8188eu/os_dep/ioctl_linux.c b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
index 1fd375076001..8f9e0f12c51f 100644
--- a/drivers/staging/r8188eu/os_dep/ioctl_linux.c
+++ b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
@@ -5975,8 +5975,10 @@ static int rtw_mp_pwrtrk(struct net_device *dev,
sprintf(extra, "mp tx power tracking stop");
} else if (sscanf(input, "ther =%d", &thermal)) {
ret = Hal_SetThermalMeter(padapter, (u8)thermal);
- if (ret == _FAIL)
+ if (ret == _FAIL) {
+ kfree(input);
return -EPERM;
+ }
sprintf(extra, "mp tx power tracking start, target value =%d ok ", thermal);
} else {
kfree(input);
--
2.25.1
