Re: [syzbot] memory leak in cfg80211_inform_single_bss_frame_data


On Tuesday, October 26, 2021 12:33:23 AM CEST syzbot wrote:
> syzbot has found a reproducer for the following issue on:
> 
> HEAD commit:    87066fdd2e30 Revert "mm/secretmem: use refcount_t instead ..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=16b55554b00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=d25eeb482b0f99b
> dashboard link: https://syzkaller.appspot.com/bug?extid=7a942657a255a9d9b18a
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=171cf464b00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1396b19f300000
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+7a942657a255a9d9b18a@xxxxxxxxxxxxxxxxxxxxxxxxx
> 
> BUG: memory leak
> unreferenced object 0xffff88810f3c7980 (size 96):

Let's try the attached diff.

Fabio
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 11c68b159324..e84855ea4075 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -2380,7 +2380,7 @@ cfg80211_inform_single_bss_frame_data(struct wiphy *wiphy,
 		capability = le16_to_cpu(mgmt->u.probe_resp.capab_info);
 	}
 
-	ies = kzalloc(sizeof(*ies) + ielen, gfp);
+	ies = kzalloc(sizeof(cfg80211_bss_ies) + ielen, gfp);
 	if (!ies)
 		return NULL;
 	ies->len = ielen;
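
Review bot: The replacement on the kzalloc() line does not change anything that could affect the reported leak, and as written it is unlikely to compile. sizeof(*ies) already evaluates to the size of whatever type ies points to, so if ies is a pointer to the cfg80211_bss_ies structure the allocation size is identical before and after; a bare sizeof(cfg80211_bss_ies) also needs either the struct keyword or a typedef of that name, and neither is visible in this hunk. The report is about an unreferenced object, meaning the allocation is dropped without being freed or handed off, so the fix has to be on a path after this allocation. Suggest keeping sizeof(*ies), which is also the preferred kernel style because it stays correct if the pointer's type changes, and auditing every return between this kzalloc() and the point where ies is attached to the BSS entry for a missing kfree(ies).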
