[PATCH] staging: r8188eu: fix a memory leak in rtw_mp_QueryDrv()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Line 6191 (#1) allocates a memory chunk for input by kmalloc().
Line 6213 (#3) frees the input before the function returns while
line 6199 (#2) forget to free it, which will lead to a memory leak.
This bug influences all stable versions from 5.15.1 to 5.15.7.

We should kfree() input in line 6199 (#2).

6186 static int rtw_mp_QueryDrv(struct net_device *dev,
6187 			struct iw_request_info *info,
6188 			union iwreq_data *wrqu, char *extra)
6189 {
6191	char	*input = kmalloc(wrqu->data.length, GFP_KERNEL);
	// #1: kmalloc space

6195	if (!input)
6196		return -ENOMEM;

6198 	if (copy_from_user(input, wrqu->data.pointer, wrqu->data.length))
6199 			return -EFAULT; // #2: missing kfree

6213 	kfree(input); // #3: kfree space
6214 	return 0;
6215 }

Signed-off-by: Jianglei Nie <niejianglei2021@xxxxxxx>
---
 drivers/staging/r8188eu/os_dep/ioctl_linux.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/r8188eu/os_dep/ioctl_linux.c b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
index 906a57eae1af..edc660f15436 100644
--- a/drivers/staging/r8188eu/os_dep/ioctl_linux.c
+++ b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
@@ -6195,8 +6195,11 @@ static int rtw_mp_QueryDrv(struct net_device *dev,
 	if (!input)
 		return -ENOMEM;
 
-	if (copy_from_user(input, wrqu->data.pointer, wrqu->data.length))
-			return -EFAULT;
+	if (copy_from_user(input, wrqu->data.pointer, wrqu->data.length)) {
+		kfree(input);
+		return -EFAULT;
+	}
+
 	DBG_88E("%s:iwpriv in =%s\n", __func__, input);
 
 	qAutoLoad = strncmp(input, "autoload", 8); /*  strncmp true is 0 */
-- 
2.25.1





[Index of Archives]     [Linux Driver Development]     [Linux Driver Backports]     [DMA Engine]     [Linux GPIO]     [Linux SPI]     [Video for Linux]     [Linux USB Devel]     [Linux Coverity]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux