From e0c49319774f06fa7d2bf4731640c2ec1c6847be Mon Sep 17 00:00:00 2001 From: Christian Engelmayer Date: Wed, 7 May 2014 21:39:02 +0200 Subject: [PATCH] staging: rtl8188eu: fix potential leak in rtw_set_key() Fix a potential leak in the error path of rtw_set_key(). In case the requested algorithm is not supported by the driver, the function returns without enqueuing or freeing the already allocated command and parameter structs. Use a centralized exit path and make sure that all memory is freed correctly. Detected by Coverity - CID 1077716, 1077717. Signed-off-by: Christian Engelmayer Signed-off-by: Greg Kroah-Hartman --- drivers/staging/rtl8188eu/core/rtw_mlme.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/drivers/staging/rtl8188eu/core/rtw_mlme.c b/drivers/staging/rtl8188eu/core/rtw_mlme.c index 769d4ddc6754..155282ef78fb 100644 --- a/drivers/staging/rtl8188eu/core/rtw_mlme.c +++ b/drivers/staging/rtl8188eu/core/rtw_mlme.c @@ -1727,15 +1727,13 @@ int rtw_set_key(struct adapter *adapter, struct security_priv *psecuritypriv, in int res = _SUCCESS; pcmd = (struct cmd_obj *)rtw_zmalloc(sizeof(struct cmd_obj)); - if (pcmd == NULL) { - res = _FAIL; /* try again */ - goto exit; - } + if (pcmd == NULL) + return _FAIL; /* try again */ + psetkeyparm = (struct setkey_parm *)rtw_zmalloc(sizeof(struct setkey_parm)); if (psetkeyparm == NULL) { - kfree(pcmd); res = _FAIL; - goto exit; + goto err_free_cmd; } _rtw_memset(psetkeyparm, 0, sizeof(struct setkey_parm)); @@ -1784,7 +1782,7 @@ int rtw_set_key(struct adapter *adapter, struct security_priv *psecuritypriv, in ("\n rtw_set_key:psecuritypriv->dot11PrivacyAlgrthm=%x (must be 1 or 2 or 4 or 5)\n", psecuritypriv->dot11PrivacyAlgrthm)); res = _FAIL; - goto exit; + goto err_free_parm; } pcmd->cmdcode = _SetKey_CMD_; pcmd->parmbuf = (u8 *)psetkeyparm; @@ -1793,7 +1791,12 @@ int rtw_set_key(struct adapter *adapter, struct security_priv *psecuritypriv, in pcmd->rspsz = 0; _rtw_init_listhead(&pcmd->list); res = rtw_enqueue_cmd(pcmdpriv, pcmd); -exit: + return res; + +err_free_parm: + kfree(psetkeyparm); +err_free_cmd: + kfree(pcmd); return res; } -- 2.34.1