nl80211: fix memory leak in monitor flags parsing

If monitor flags parsing results in active monitor but that
isn't supported, the already allocated message is leaked.
Fix this by moving the allocation after this check.

Reported-by: Christian Engelmayer <cengelma@gmx.at>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

1 files changed, 4 insertions, 4 deletions

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 3c7fb0459e58..be2501538011 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -2654,10 +2654,6 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
                         return err;
         }
 
-        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
-        if (!msg)
-                return -ENOMEM;
-
         err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
                                   info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
                                   &flags);
@@ -2666,6 +2662,10 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
             !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
                 return -EOPNOTSUPP;
 
+        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
+        if (!msg)
+                return -ENOMEM;
+
         wdev = rdev_add_virtual_intf(rdev,
                                 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
                                 type, err ? NULL : &flags, &params);