From patchwork Tue Aug 18 23:43:31 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave X-Patchwork-Id: 42454 Received: from vger.kernel.org (vger.kernel.org [209.132.176.167]) by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n7INhsOM009907 for ; Tue, 18 Aug 2009 23:43:54 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752179AbZHRXni (ORCPT ); Tue, 18 Aug 2009 19:43:38 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752138AbZHRXni (ORCPT ); Tue, 18 Aug 2009 19:43:38 -0400 Received: from ey-out-2122.google.com ([74.125.78.24]:53777 "EHLO ey-out-2122.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750837AbZHRXnh (ORCPT ); Tue, 18 Aug 2009 19:43:37 -0400 Received: by ey-out-2122.google.com with SMTP id 22so859163eye.37 for ; Tue, 18 Aug 2009 16:43:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:received:from:to:cc:subject :date:message-id:x-mailer; bh=B28Rda/duJTrgL5MPIO79hYFa3oa7Qrom3RniUaL8Qg=; b=H5R6DlTbC1WstYzWCAa0VG8v6Ewx3M13ouz9JY2Rv+XBKaWFy1Hi6nL9GtF9pHJQUi eZs7hpTVZ2DQjO+QcjdVyoLksMOagjejLlf/ykk6Z/d8ej1BWiVcSCkk+4B/n6FTTj4Z zEHGf6hXEVSpAds7VaOD9UghtTSW5X8fxncts= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=from:to:cc:subject:date:message-id:x-mailer; b=G7O6lLSfhWLAmR2bPS5/BgJ2YaXp3XxM4DumpyMYyGGF4x/q6HroGjWyUX3nFj2RJ/ 88ibFSWDylso1Xpl2gEJ+IHNFu1w+uknkove3kelwPCjU04L80z6/lGeU6vz0vvyz+u8 cS8rDH0o3ROooRji5SjdiAssrHaU8anAxjzSc= Received: by 10.210.141.9 with SMTP id o9mr5186881ebd.59.1250639018135; Tue, 18 Aug 2009 16:43:38 -0700 (PDT) Received: from borken (5ac998cf.bb.sky.com [90.201.152.207]) by mx.google.com with ESMTPS id 28sm1462825eye.5.2009.08.18.16.43.35 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 18 Aug 2009 16:43:37 -0700 (PDT) Received: by borken (sSMTP sendmail emulation); Wed, 19 Aug 2009 00:43:34 +0100 From: David Kilroy To: linux-wireless@vger.kernel.org Cc: David Kilroy , Johannes Berg Subject: [PATCH] cfg80211: fix leaks of wdev->conn->ie Date: Wed, 19 Aug 2009 00:43:31 +0100 Message-Id: <1250639011-18258-1-git-send-email-kilroyd@googlemail.com> X-Mailer: git-send-email 1.6.3.3 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org This only occurs in the following error situations: - driver calls connect_result with failure - error scheduling authentication on connect - error initiating scan (to get BSSID and channel) on connect - userspace calls disconnect while in the SCANNING or SCAN_AGAIN states Signed-off-by: David Kilroy Cc: Johannes Berg Reviewed-by: Johannes Berg --- I came across this while looking at my orinoco scanning issue. It's possible I'm wrong... --- net/wireless/sme.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 6fb6a70..9ddc00e 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c @@ -395,6 +395,8 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid, if (status != WLAN_STATUS_SUCCESS) { wdev->sme_state = CFG80211_SME_IDLE; + if (wdev->conn) + kfree(wdev->conn->ie); kfree(wdev->conn); wdev->conn = NULL; kfree(wdev->connect_keys); @@ -779,6 +781,7 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev, } } if (err) { + kfree(wdev->conn->ie); kfree(wdev->conn); wdev->conn = NULL; wdev->sme_state = CFG80211_SME_IDLE; @@ -848,6 +851,7 @@ int __cfg80211_disconnect(struct cfg80211_registered_device *rdev, (wdev->conn->state == CFG80211_CONN_SCANNING || wdev->conn->state == CFG80211_CONN_SCAN_AGAIN)) { wdev->sme_state = CFG80211_SME_IDLE; + kfree(wdev->conn->ie); kfree(wdev->conn); wdev->conn = NULL; wdev->ssid_len = 0;