Search Linux Wireless

[PATCH 3/7] iw: fix memory leak inside handle_cac

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Signed-off-by: John Crispin <john@xxxxxxxxxxx>
---
 phy.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/phy.c b/phy.c
index 77df7a7..a4425ea 100644
--- a/phy.c
+++ b/phy.c
@@ -328,12 +328,15 @@ static int handle_cac(struct nl80211_state *state,
 	} else if (strcmp(argv[2], "freq") == 0) {
 		err = parse_freqchan(&chandef, false, argc - 3, argv + 3, NULL);
 	} else {
-		return 1;
+		err = 1;
+		goto err_out;
 	}
 
 	cac_trigger_argv = calloc(argc + 1, sizeof(char*));
-	if (!cac_trigger_argv)
-		return -ENOMEM;
+	if (!cac_trigger_argv) {
+		err = -ENOMEM;
+		goto err_out;
+	}
 
 	cac_trigger_argv[0] = argv[0];
 	cac_trigger_argv[1] = "cac";
@@ -341,9 +344,8 @@ static int handle_cac(struct nl80211_state *state,
 	memcpy(&cac_trigger_argv[3], &argv[2], (argc - 2) * sizeof(char*));
 
 	err = handle_cmd(state, id, argc + 1, cac_trigger_argv);
-	free(cac_trigger_argv);
 	if (err)
-		return err;
+		goto err_out;
 
 	cac_event.ret = 1;
 	cac_event.freq = chandef.control_freq;
@@ -357,7 +359,13 @@ static int handle_cac(struct nl80211_state *state,
 	while (cac_event.ret > 0)
 		nl_recvmsgs(state->nl_sock, radar_cb);
 
-	return 0;
+	err = 0;
+err_out:
+	if (radar_cb)
+		nl_cb_put(radar_cb);
+	if (cac_trigger_argv)
+		free(cac_trigger_argv);
+	return err;
 }
 TOPLEVEL(cac, "channel <channel> [NOHT|HT20|HT40+|HT40-|5MHz|10MHz|80MHz]\n"
 	      "freq <freq> [NOHT|HT20|HT40+|HT40-|5MHz|10MHz|80MHz]\n"
-- 
2.20.1




[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux