diff mbox series

[V2] wifi: cfg80211: fix memory leak in query_regdb_file()

Message ID 20221020114040.169564-1-arend.vanspriel@broadcom.com (mailing list archive)
State Accepted
Delegated to: Johannes Berg
Headers show
Series [V2] wifi: cfg80211: fix memory leak in query_regdb_file() | expand

Commit Message

Arend van Spriel Oct. 20, 2022, 11:40 a.m. UTC 
In the function query_regdb_file() the alpha2 parameter is duplicated
using kmemdup() and subsequently freed in regdb_fw_cb(). However,
request_firmware_nowait() can fail without calling regdb_fw_cb() and
thus leak memory.

Fixes: 007f6c5e6eb4 ("cfg80211: support loading regulatory database as firmware file")
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
---
Got a hint from Florian that previous patch had line wrapping hence this update.
Also got sending emails using my work email going so changing indentities here.

Regards,
Arend
---
 net/wireless/reg.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index ec25924a1c26..f629c2e15fea 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1080,6 +1080,8 @@  static void regdb_fw_cb(const struct firmware *fw, void *context)
 
 static int query_regdb_file(const char *alpha2)
 {
+	int err;
+
 	ASSERT_RTNL();
 
 	if (regdb)
@@ -1089,9 +1091,13 @@  static int query_regdb_file(const char *alpha2)
 	if (!alpha2)
 		return -ENOMEM;
 
-	return request_firmware_nowait(THIS_MODULE, true, "regulatory.db",
-				       &reg_pdev->dev, GFP_KERNEL,
-				       (void *)alpha2, regdb_fw_cb);
+	err = request_firmware_nowait(THIS_MODULE, true, "regulatory.db",
+				      &reg_pdev->dev, GFP_KERNEL,
+				      (void *)alpha2, regdb_fw_cb);
+	if (err)
+		kfree(alpha2);
+
+	return err;
 }
 
 int reg_reload_regdb(void)