Patch "ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats()" has been added to the 4.9-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Tue, 28 Nov 2017 10:50:12 +0100

This is a note to let you know that I've just added the patch titled

    ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats()

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ath10k-fix-potential-memory-leak-in-ath10k_wmi_tlv_op_pull_fw_stats.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From foo@baz Tue Nov 28 10:49:28 CET 2017
From: Christian Lamparter <chunkeey@xxxxxxxxxxxxxx>
Date: Thu, 29 Dec 2016 16:12:09 +0200
Subject: ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats()

From: Christian Lamparter <chunkeey@xxxxxxxxxxxxxx>


[ Upstream commit 097e46d2ae90265d1afe141ba6208ba598b79e01 ]

ath10k_wmi_tlv_op_pull_fw_stats() uses tb = ath10k_wmi_tlv_parse_alloc(...)
function, which allocates memory. If any of the three error-paths are
taken, this tb needs to be freed.

Signed-off-by: Christian Lamparter <chunkeey@xxxxxxxxxxxxxx>
Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/net/wireless/ath/ath10k/wmi-tlv.c |   12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

--- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c
+++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
@@ -1105,8 +1105,10 @@ static int ath10k_wmi_tlv_op_pull_fw_sta
 		struct ath10k_fw_stats_pdev *dst;
 
 		src = data;
-		if (data_len < sizeof(*src))
+		if (data_len < sizeof(*src)) {
+			kfree(tb);
 			return -EPROTO;
+		}
 
 		data += sizeof(*src);
 		data_len -= sizeof(*src);
@@ -1126,8 +1128,10 @@ static int ath10k_wmi_tlv_op_pull_fw_sta
 		struct ath10k_fw_stats_vdev *dst;
 
 		src = data;
-		if (data_len < sizeof(*src))
+		if (data_len < sizeof(*src)) {
+			kfree(tb);
 			return -EPROTO;
+		}
 
 		data += sizeof(*src);
 		data_len -= sizeof(*src);
@@ -1145,8 +1149,10 @@ static int ath10k_wmi_tlv_op_pull_fw_sta
 		struct ath10k_fw_stats_peer *dst;
 
 		src = data;
-		if (data_len < sizeof(*src))
+		if (data_len < sizeof(*src)) {
+			kfree(tb);
 			return -EPROTO;
+		}
 
 		data += sizeof(*src);
 		data_len -= sizeof(*src);


Patches currently in stable-queue which might be from chunkeey@xxxxxxxxxxxxxx are

queue-4.9/p54-don-t-unregister-leds-when-they-are-not-initialized.patch
queue-4.9/ath10k-fix-potential-memory-leak-in-ath10k_wmi_tlv_op_pull_fw_stats.patch






