From patchwork Mon Dec 5 21:52:46 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Lamparter X-Patchwork-Id: 9461621 X-Patchwork-Delegate: kvalo@adurom.com
From: Christian Lamparter To: linux-wireless@vger.kernel.org, ath10k@lists.infradead.org Cc: Kalle Valo Subject: [PATCH 2/2] ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats() Date: Mon, 5 Dec 2016 22:52:46 +0100 Message-Id: X-Mailer: git-send-email 2.11.0 In-Reply-To: <992a4e2676037a06f482cdbe2d3d39e287530be5.1480974623.git.chunkeey@googlemail.com> References: <992a4e2676037a06f482cdbe2d3d39e287530be5.1480974623.git.chunkeey@googlemail.com> In-Reply-To: <992a4e2676037a06f482cdbe2d3d39e287530be5.1480974623.git.chunkeey@googlemail.com> References: <992a4e2676037a06f482cdbe2d3d39e287530be5.1480974623.git.chunkeey@googlemail.com> Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP ath10k_wmi_tlv_op_pull_fw_stats() uses tb = ath10k_wmi_tlv_parse_alloc(...) function, which allocates memory. If any of the three error-paths are taken, this tb needs to be freed. Signed-off-by: Christian Lamparter --- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/ath/ath10k/wmi-tlv.c b/drivers/net/wireless/ath/ath10k/wmi-tlv.c index f304f6632c4f..1f6bb9e8bb01 100644 --- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c +++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c @@ -1105,8 +1105,10 @@ static int ath10k_wmi_tlv_op_pull_fw_stats(struct ath10k *ar, struct ath10k_fw_stats_pdev *dst; src = data; - if (data_len < sizeof(*src)) + if (data_len < sizeof(*src)) { + kfree(tb); return -EPROTO; + } data += sizeof(*src); data_len -= sizeof(*src); @@ -1126,8 +1128,10 @@ static int ath10k_wmi_tlv_op_pull_fw_stats(struct ath10k *ar, struct ath10k_fw_stats_vdev *dst; src = data; - if (data_len < sizeof(*src)) + if (data_len < sizeof(*src)) { + kfree(tb); return -EPROTO; + } data += sizeof(*src); data_len -= sizeof(*src); 
@@ -1145,8 +1149,10 @@ static int ath10k_wmi_tlv_op_pull_fw_stats(struct ath10k *ar, struct ath10k_fw_stats_peer *dst; src = data; - if (data_len < sizeof(*src)) + if (data_len < sizeof(*src)) { + kfree(tb); return -EPROTO; + } data += sizeof(*src); data_len -= sizeof(*src);
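Review bot: the `kfree(tb); return -EPROTO;` pair added under the `data_len < sizeof(*src)` check in the @@ -1105 hunk is repeated verbatim in the @@ -1128 and @@ -1145 hunks, so the cleanup for tb now lives in three separate places plus wherever the success path frees it. Consider setting the return value and jumping to a single exit label that does the kfree(tb), so that an error return added to this function later cannot reintroduce the leak by forgetting the free.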
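Review bot: the changelog does not say what triggers the leak, while all three patched returns (the @@ -1105, @@ -1128 and @@ -1145 hunks) sit behind the same `data_len < sizeof(*src)` length check, i.e. a stats event shorter than the entry being parsed. Please state that condition in the commit message in place of "any of the three error-paths", and add a Fixes: tag naming the commit that introduced the tb allocation so the fix can be matched to the affected stable trees.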