Re: [PATCH] cfg80211: fix leaks of wdev->conn->ie

[Johannes Berg <johannes@xxxxxxxxxxxxxxxx>]

On Wed, 2009-08-19 at 00:43 +0100, David Kilroy wrote:
> This only occurs in the following error situations:
>  - driver calls connect_result with failure
>  - error scheduling authentication on connect
>  - error initiating scan (to get BSSID and channel) on
>    connect
>  - userspace calls disconnect while in the SCANNING or
>    SCAN_AGAIN states
> 
> Signed-off-by: David Kilroy <kilroyd@xxxxxxxxxxxxxx>
> Cc: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>
> ---
> 
> I came across this while looking at my orinoco scanning issue. It's
> possible I'm wrong...

Yes, looks like I forgot these, thanks!

Reviewed-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>

> ---
> 
>  net/wireless/sme.c |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/net/wireless/sme.c b/net/wireless/sme.c
> index 6fb6a70..9ddc00e 100644
> --- a/net/wireless/sme.c
> +++ b/net/wireless/sme.c
> @@ -395,6 +395,8 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
>  
>  	if (status != WLAN_STATUS_SUCCESS) {
>  		wdev->sme_state = CFG80211_SME_IDLE;
> +		if (wdev->conn)
> +			kfree(wdev->conn->ie);
>  		kfree(wdev->conn);
>  		wdev->conn = NULL;
>  		kfree(wdev->connect_keys);
> @@ -779,6 +781,7 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev,
>  			}
>  		}
>  		if (err) {
> +			kfree(wdev->conn->ie);
>  			kfree(wdev->conn);
>  			wdev->conn = NULL;
>  			wdev->sme_state = CFG80211_SME_IDLE;
> @@ -848,6 +851,7 @@ int __cfg80211_disconnect(struct cfg80211_registered_device *rdev,
>  		    (wdev->conn->state == CFG80211_CONN_SCANNING ||
>  		     wdev->conn->state == CFG80211_CONN_SCAN_AGAIN)) {
>  			wdev->sme_state = CFG80211_SME_IDLE;
> +			kfree(wdev->conn->ie);
>  			kfree(wdev->conn);
>  			wdev->conn = NULL;
>  			wdev->ssid_len = 0;

Attachment: signature.asc
Description: This is a digitally signed message part