The NLA_PUT macro will automatically goto nla_put_failure if
the underlying nla_put fails. This will in turn leak our malloced
memory in both the scan and wowlan commands.
Fix that by not using the macro in the cases where we have
allocated heap mem.
Signed-off-by: Ola Olsson <ola.olsson@xxxxxxxxxxxxxx>
---
scan.c | 5 ++++-
wowlan.c | 8 ++++++--
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/scan.c b/scan.c
index 8762784..06c4255 100644
--- a/scan.c
+++ b/scan.c
@@ -458,7 +458,10 @@ static int handle_scan(struct nl80211_state *state,
memcpy(&tmpies[ies_len], meshid, meshid_len);
free(meshid);
}
- NLA_PUT(msg, NL80211_ATTR_IE, ies_len + meshid_len, tmpies);
+ if (nla_put(msg, NL80211_ATTR_IE, ies_len + meshid_len, tmpies) < 0) {
+ free(tmpies);
+ goto nla_put_failure;
+ }
free(tmpies);
}
diff --git a/wowlan.c b/wowlan.c
index e1d3750..c30eab7 100644
--- a/wowlan.c
+++ b/wowlan.c
@@ -159,8 +159,12 @@ static int wowlan_parse_tcp_file(struct nl_msg *msg, const char *fn)
tok->offset = atoi(offs);
memcpy(tok->token_stream, stream, stream_len);
- NLA_PUT(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
- sizeof(*tok) + stream_len, tok);
+ if (nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
+ sizeof(*tok) + stream_len, tok) < 0) {
+ free(stream);
+ free(tok);
+ goto nla_put_failure;
+ }
free(stream);
free(tok);
} else {
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
