From patchwork Sun Sep  2 13:41:04 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Wei Yongjun <weiyj.lk@gmail.com>
X-Patchwork-Id: 1396621
Return-Path: <linux-wireless-owner@vger.kernel.org>
X-Original-To: patchwork-linux-wireless@patchwork.kernel.org
Delivered-To: patchwork-process-083081@patchwork1.kernel.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by patchwork1.kernel.org (Postfix) with ESMTP id 8983A3FC71
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Sun,  2 Sep 2012 13:41:09 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751672Ab2IBNlH (ORCPT
	<rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
	Sun, 2 Sep 2012 09:41:07 -0400
Received: from mail-qa0-f46.google.com ([209.85.216.46]:44994 "EHLO
	mail-qa0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751098Ab2IBNlF (ORCPT
	<rfc822;linux-wireless@vger.kernel.org>);
	Sun, 2 Sep 2012 09:41:05 -0400
Received: by qaas11 with SMTP id s11so1811764qaa.19
	for <multiple recipients>; Sun, 02 Sep 2012 06:41:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=mime-version:date:message-id:subject:from:to:cc:content-type;
	bh=zQT5APVnj7iqlskEt/pK4f8dm3Hl9y7jQDGl5Vq4Q6E=;
	b=caRlg6TuwqAYQmPaS5yMhGC3UUllPXO71igNIQvGwlPNbgPPN6ay+s6R2KMmVkWi9m
	VttY7HgmHqKPBcE36hEqydvvv0AJeqS8UKCnSoMjDN9rc3Jzbl33qkK3fWCrsrjzqTQU
	jjB7rYEjJu5nFtlE2xHxyqQwjKc7f2hViCKErsIFVVu8fQdG7R9cXqNzAjWU84zUqEkI
	3f4OEj2EV8+QYrX6h8vXZkePH0b8K7Ncqawn1FTURCrljDLD5I/9wLGfBMucVK1Jz3Ib
	XQ9TweGs3arjRe1hQlV8+jq8pPDCVIET/VDvezmpmdt0A6AI/900egzuLqp5qGjO09T2
	NFoQ==
MIME-Version: 1.0
Received: by 10.229.136.14 with SMTP id p14mr8056899qct.93.1346593264558;
	Sun, 02 Sep 2012 06:41:04 -0700 (PDT)
Received: by 10.229.146.194 with HTTP; Sun, 2 Sep 2012 06:41:04 -0700 (PDT)
Date: Sun, 2 Sep 2012 21:41:04 +0800
Message-ID: 
 <CAPgLHd_ykxWnV82swesivdEkyqP+a+hBgTTT8SXwn9RYWR1HFA@mail.gmail.com>
Subject: [PATCH] nl80211: [PATCH] nl80211: fix possible memory leak
	nl80211_connect()
From: Wei Yongjun <weiyj.lk@gmail.com>
To: johannes@sipsolutions.net, linville@tuxdriver.com,
	davem@davemloft.net
Cc: yongjun_wei@trendmicro.com.cn, linux-wireless@vger.kernel.org,
	netdev@vger.kernel.org
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org

From: Wei Yongjun <yongjun_wei@trendmicro.com.cn>

connkeys is malloced in nl80211_parse_connkeys() and should
be freed in the error handling case, otherwise it will cause
memory leak.

spatch with a semantic match is used to found this problem.
(http://coccinelle.lip6.fr/)

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
---
 net/wireless/nl80211.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)


--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 97026f3..1e37dbf 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -5633,8 +5633,10 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
 		       sizeof(connect.ht_capa_mask));
 
 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
-		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
+		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
+			kfree(connkeys);
 			return -EINVAL;
+		}
 		memcpy(&connect.ht_capa,
 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
 		       sizeof(connect.ht_capa));