| Message ID | 20170602154045.28948-1-colin.king@canonical.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | bc0384eedb66555f6b4662102675f9bf4a3d12b7 |
| Delegated to: | Kalle Valo |
| Headers | show |
On 06/02/2017 08:40 AM, Colin King wrote: > External Email > > > From: Colin Ian King <colin.king@canonical.com> > > The current code allocates cmd_skb and then will leak this if band->band > is an illegal value. It is simpler to sanity check the band first before > allocating cmd_skb so that we don't have to free cmd_skb if an invalid > band occurs. > > Detected by CoverityScan, CID#1437561 ("Resource Leak") > > Signed-off-by: Colin Ian King <colin.king@canonical.com> > --- > drivers/net/wireless/quantenna/qtnfmac/commands.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git a/drivers/net/wireless/quantenna/qtnfmac/commands.c b/drivers/net/wireless/quantenna/qtnfmac/commands.c > index f0a0cfa7d8a1..cce62f39edaf 100644 > --- a/drivers/net/wireless/quantenna/qtnfmac/commands.c > +++ b/drivers/net/wireless/quantenna/qtnfmac/commands.c > @@ -1300,12 +1300,6 @@ int qtnf_cmd_get_mac_chan_info(struct qtnf_wmac *mac, > int ret = 0; > u8 qband; > > - cmd_skb = qtnf_cmd_alloc_new_cmdskb(mac->macid, 0, > - QLINK_CMD_CHANS_INFO_GET, > - sizeof(*cmd)); > - if (!cmd_skb) > - return -ENOMEM; > - > switch (band->band) { > case NL80211_BAND_2GHZ: > qband = QLINK_BAND_2GHZ; > @@ -1320,6 +1314,12 @@ int qtnf_cmd_get_mac_chan_info(struct qtnf_wmac *mac, > return -EINVAL; > } > > + cmd_skb = qtnf_cmd_alloc_new_cmdskb(mac->macid, 0, > + QLINK_CMD_CHANS_INFO_GET, > + sizeof(*cmd)); > + if (!cmd_skb) > + return -ENOMEM; > + > cmd = (struct qlink_cmd_chans_info_get *)cmd_skb->data; > cmd->band = qband; > ret = qtnf_cmd_send_with_reply(mac->bus, cmd_skb, &resp_skb, &res_code, > -- > 2.11.0 > Reviewed-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Colin Ian King <colin.king@canonical.com> wrote: > From: Colin Ian King <colin.king@canonical.com> > > The current code allocates cmd_skb and then will leak this if band->band > is an illegal value. It is simpler to sanity check the band first before > allocating cmd_skb so that we don't have to free cmd_skb if an invalid > band occurs. > > Detected by CoverityScan, CID#1437561 ("Resource Leak") > > Signed-off-by: Colin Ian King <colin.king@canonical.com> > Reviewed-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com> Patch applied to wireless-drivers-next.git, thanks. bc0384eedb66 qtnfmac: check band before allocating cmd_skb to avoid resource leak
diff --git a/drivers/net/wireless/quantenna/qtnfmac/commands.c b/drivers/net/wireless/quantenna/qtnfmac/commands.c index f0a0cfa7d8a1..cce62f39edaf 100644 --- a/drivers/net/wireless/quantenna/qtnfmac/commands.c +++ b/drivers/net/wireless/quantenna/qtnfmac/commands.c @@ -1300,12 +1300,6 @@ int qtnf_cmd_get_mac_chan_info(struct qtnf_wmac *mac, int ret = 0; u8 qband; - cmd_skb = qtnf_cmd_alloc_new_cmdskb(mac->macid, 0, - QLINK_CMD_CHANS_INFO_GET, - sizeof(*cmd)); - if (!cmd_skb) - return -ENOMEM; - switch (band->band) { case NL80211_BAND_2GHZ: qband = QLINK_BAND_2GHZ; @@ -1320,6 +1314,12 @@ int qtnf_cmd_get_mac_chan_info(struct qtnf_wmac *mac, return -EINVAL; } + cmd_skb = qtnf_cmd_alloc_new_cmdskb(mac->macid, 0, + QLINK_CMD_CHANS_INFO_GET, + sizeof(*cmd)); + if (!cmd_skb) + return -ENOMEM; + cmd = (struct qlink_cmd_chans_info_get *)cmd_skb->data; cmd->band = qband; ret = qtnf_cmd_send_with_reply(mac->bus, cmd_skb, &resp_skb, &res_code,