[PATCH] iw: Fix memory leak if nla_put fails

Amit Khatri <amit.khatri@xxxxxxxxxxx> · Sat, 07 Nov 2015 11:43:05 +0000 (GMT)

>From 80c956f15edfe4f59a6c13ae8ad08bea0b78aafc Mon Sep 17 00:00:00 2001
From: Amit Khatri <amit.khatri@xxxxxxxxxxx>
Date: Sat, 7 Nov 2015 17:00:47 +0530
Subject: [PATCH] Fix memory leak if nla_put fails

Signed-off-by: Amit Khatri <amit.khatri@xxxxxxxxxxx>
Signed-off-by: Rahul Jain <rahul.jain@xxxxxxxxxxx>
Signed-off-by: Ashutosh Kaushik <k.ashutosh@xxxxxxxxxxx>

avoid memory leak because of nla_put_failure
---
 coalesce.c |  7 ++++++-
 wowlan.c   | 28 ++++++++++++++++++++++------
 2 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/coalesce.c b/coalesce.c
index 36dcaef..9b13ab3 100644
--- a/coalesce.c
+++ b/coalesce.c
@@ -124,7 +124,8 @@ static int handle_coalesce_enable(struct nl80211_state *state,
 					nla_nest_end(msg, nl_pat);
 					free(mask);
 					free(pat);
-
+					pat=NULL;
+					mask=NULL;
 					if (!next_pat)
 						break;
 					cur_pat = next_pat;
@@ -155,6 +156,10 @@ static int handle_coalesce_enable(struct nl80211_state *state,
 		err = 1;
 	goto close;
 nla_put_failure:
+	if(pat)
+		free(pat);
+	if(mask)
+		free(mask);
 	err = -ENOBUFS;
 close:
 	fclose(f);
diff --git a/wowlan.c b/wowlan.c
index c30eab7..2e1d43d 100644
--- a/wowlan.c
+++ b/wowlan.c
@@ -89,7 +89,10 @@ static int wowlan_parse_tcp_file(struct nl_msg *msg, const char *fn)
 
 			if (!pkt)
 				goto close;
-			NLA_PUT(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, len, pkt);
+			if(nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, len, pkt) < 0){
+				free(pkt);
+				goto nla_put_failure;
+			}
 			free(pkt);
 		} else if (strncmp(buf, "data.interval=", 14) == 0) {
 			NLA_PUT_U32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
@@ -97,13 +100,20 @@ static int wowlan_parse_tcp_file(struct nl_msg *msg, const char *fn)
 		} else if (strncmp(buf, "wake=", 5) == 0) {
 			unsigned char *pat, *mask;
 			size_t patlen;
-
 			if (parse_hex_mask(buf + 5, &pat, &patlen, &mask))
 				goto close;
-			NLA_PUT(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
-				DIV_ROUND_UP(patlen, 8), mask);
-			NLA_PUT(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
-				patlen, pat);
+			if(nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
+				DIV_ROUND_UP(patlen, 8), mask) < 0){
+				free(mask);
+				free(pat);
+				goto nla_put_failure;
+			}
+			if(nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
+				patlen, pat) < 0){
+				free(pat);
+				free(mask);
+				goto nla_put_failure;
+			}
 			free(mask);
 			free(pat);
 		} else if (strncmp(buf, "data.seq=", 9) == 0) {
@@ -299,6 +309,8 @@ static int handle_wowlan_enable(struct nl80211_state *state,
 			nla_nest_end(patterns, pattern);
 			free(mask);
 			free(pat);
+			pat=NULL;
+			mask=NULL;
 			break;
 		}
 		argv++;
@@ -312,6 +324,10 @@ static int handle_wowlan_enable(struct nl80211_state *state,
 	nla_nest_end(msg, wowlan);
 	err = 0;
  nla_put_failure:
+	if(pat)
+		free(pat);
+	if(mask)
+		free(mask);
 	nlmsg_free(patterns);
 	return err;
 }
-- 
1.9.1
��.n��������+%������w��{.n�����{���zW����ܨ}���Ơz�j:+v�����w����ޙ��&�)ߡ�a����z�ޗ���ݢj��w�f







