Line 6183 (#1) allocates a memory chunk for input by kmalloc(). Line 6204 (#3) frees the input before the function returns while line 6190 (#2) forget to free it, which will lead to a memory leak. We should kfree() input in line 6190 (#2). 6177 static int rtw_mp_QueryDrv(struct net_device *dev, 6178 struct iw_request_info *info, 6179 union iwreq_data *wrqu, char *extra) 6180 { 6182 char *input = kmalloc(wrqu->data.length, GFP_KERNEL); // #1: kmalloc space 6186 if (!input) 6187 return -ENOMEM; 6189 if (copy_from_user(input, wrqu->data.pointer, wrqu->data.length)) 6190 return -EFAULT; // #2: missing kfree 6204 kfree(input); // #3: kfree space 6205 return 0; 6206 } Signed-off-by: Jianglei Nie <niejianglei2021@xxxxxxx>
---
 drivers/staging/r8188eu/os_dep/ioctl_linux.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/r8188eu/os_dep/ioctl_linux.c b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
index 1fd375076001..0524523910f0 100644
--- a/drivers/staging/r8188eu/os_dep/ioctl_linux.c
+++ b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
@@ -6186,8 +6186,11 @@ static int rtw_mp_QueryDrv(struct net_device *dev,
 if (!input)
 return -ENOMEM;
- if (copy_from_user(input, wrqu->data.pointer, wrqu->data.length))
- return -EFAULT;
+ if (copy_from_user(input, wrqu->data.pointer, wrqu->data.length)) {
+ kfree(input);
+ return -EFAULT;
+ }
+
 DBG_88E("%s:iwpriv in =%s\n", __func__, input);
 qAutoLoad = strncmp(input, "autoload", 8); /* strncmp true is 0 */
-- 2.25.1
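Review bot: The user-supplied buffer is still treated as a C string without a guaranteed terminator. In the trailing context, `DBG_88E("%s:iwpriv in =%s\n", __func__, input)` and `strncmp(input, "autoload", 8)` both read until a NUL, but `copy_from_user()` fills exactly `wrqu->data.length` bytes of an allocation of that same size. A payload with no NUL, or one shorter than eight bytes, can therefore be read past the end of the heap object, and a zero length leaves `input` pointing at no storage at all. Whether a caller bounds or terminates the data is not visible in this hunk, so the function should do it itself. Replacing the allocation and copy with `input = memdup_user_nul(wrqu->data.pointer, wrqu->data.length);` followed by `if (IS_ERR(input)) return PTR_ERR(input);` terminates the buffer and leaves no failure path between allocation and use. The `kmalloc()` being replaced sits at the declaration above the hunk (#1 in the commit message), and the function body continues below it.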