diff options
author | Jesper Juhl <jj@chaosbits.net> | 2010-10-29 10:10:26 -0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2010-10-29 14:33:26 -0400 |
commit | 520efd1ace3f826120482e57a95d649b4e1c1684 (patch) | |
tree | 04445d2fde489b7b7a3d8fa4898a0731817f6ca0 | |
parent | 731b2034999bbfe86c9074f1b0d611940bf7c323 (diff) |
mac80211: fix failure to check kmalloc return value in key_key_read
I noticed two small issues in mac80211/debugfs_key.c::key_key_read while
reading through the code. Patch below.
The key_key_read() function returns ssize_t and the value that's actually
returned is the return value of simple_read_from_buffer() which also
returns ssize_t, so let's hold the return value in a ssize_t local
variable rather than a int one.
Also, memory is allocated dynamically with kmalloc() which can fail, but
the return value of kmalloc() is not checked, so we may end up operating
on a null pointer further on. So check for a NULL return and bail out with
-ENOMEM in that case.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r-- | net/mac80211/debugfs_key.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/net/mac80211/debugfs_key.c b/net/mac80211/debugfs_key.c index 4aa47d074a79..1243d1db5c59 100644 --- a/net/mac80211/debugfs_key.c +++ b/net/mac80211/debugfs_key.c | |||
@@ -203,9 +203,13 @@ static ssize_t key_key_read(struct file *file, char __user *userbuf, | |||
203 | size_t count, loff_t *ppos) | 203 | size_t count, loff_t *ppos) |
204 | { | 204 | { |
205 | struct ieee80211_key *key = file->private_data; | 205 | struct ieee80211_key *key = file->private_data; |
206 | int i, res, bufsize = 2 * key->conf.keylen + 2; | 206 | int i, bufsize = 2 * key->conf.keylen + 2; |
207 | char *buf = kmalloc(bufsize, GFP_KERNEL); | 207 | char *buf = kmalloc(bufsize, GFP_KERNEL); |
208 | char *p = buf; | 208 | char *p = buf; |
209 | ssize_t res; | ||
210 | |||
211 | if (!buf) | ||
212 | return -ENOMEM; | ||
209 | 213 | ||
210 | for (i = 0; i < key->conf.keylen; i++) | 214 | for (i = 0; i < key->conf.keylen; i++) |
211 | p += scnprintf(p, bufsize + buf - p, "%02x", key->conf.key[i]); | 215 | p += scnprintf(p, bufsize + buf - p, "%02x", key->conf.key[i]); |