diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2014-01-06 10:02:34 -0500 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2014-01-06 10:02:34 -0500 |
| commit | 5b0ec94f9cfdcd10f6eb4df75fba9404c72fea4d (patch) | |
| tree | d9b5ad22bc3f98c4bd02ab9be0a5de577f79f043 /net/mac80211 | |
| parent | ef04a29737dd08352fdf6431d119ca636d664efe (diff) | |
mac80211: fix memory leak in register_hw() error path
Move the internal scan request allocation below the last
sanity check in ieee80211_register_hw() to avoid leaking
memory if the sanity check actually triggers.
Reported-by: ZHAO Gang <gamerh2o@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211')
| -rw-r--r-- | net/mac80211/main.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/net/mac80211/main.c b/net/mac80211/main.c index 2bd5b552b2f6..d767cfb9b45f 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c | |||
| @@ -846,17 +846,6 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) | |||
| 846 | /* TODO: consider VHT for RX chains, hopefully it's the same */ | 846 | /* TODO: consider VHT for RX chains, hopefully it's the same */ |
| 847 | } | 847 | } |
| 848 | 848 | ||
| 849 | local->int_scan_req = kzalloc(sizeof(*local->int_scan_req) + | ||
| 850 | sizeof(void *) * channels, GFP_KERNEL); | ||
| 851 | if (!local->int_scan_req) | ||
| 852 | return -ENOMEM; | ||
| 853 | |||
| 854 | for (band = 0; band < IEEE80211_NUM_BANDS; band++) { | ||
| 855 | if (!local->hw.wiphy->bands[band]) | ||
| 856 | continue; | ||
| 857 | local->int_scan_req->rates[band] = (u32) -1; | ||
| 858 | } | ||
| 859 | |||
| 860 | /* if low-level driver supports AP, we also support VLAN */ | 849 | /* if low-level driver supports AP, we also support VLAN */ |
| 861 | if (local->hw.wiphy->interface_modes & BIT(NL80211_IFTYPE_AP)) { | 850 | if (local->hw.wiphy->interface_modes & BIT(NL80211_IFTYPE_AP)) { |
| 862 | hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN); | 851 | hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN); |
| @@ -880,6 +869,17 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) | |||
| 880 | return -EINVAL; | 869 | return -EINVAL; |
| 881 | } | 870 | } |
| 882 | 871 | ||
| 872 | local->int_scan_req = kzalloc(sizeof(*local->int_scan_req) + | ||
| 873 | sizeof(void *) * channels, GFP_KERNEL); | ||
| 874 | if (!local->int_scan_req) | ||
| 875 | return -ENOMEM; | ||
| 876 | |||
| 877 | for (band = 0; band < IEEE80211_NUM_BANDS; band++) { | ||
| 878 | if (!local->hw.wiphy->bands[band]) | ||
| 879 | continue; | ||
| 880 | local->int_scan_req->rates[band] = (u32) -1; | ||
| 881 | } | ||
| 882 | |||
| 883 | #ifndef CONFIG_MAC80211_MESH | 883 | #ifndef CONFIG_MAC80211_MESH |
| 884 | /* mesh depends on Kconfig, but drivers should set it if they want */ | 884 | /* mesh depends on Kconfig, but drivers should set it if they want */ |
| 885 | local->hw.wiphy->interface_modes &= ~BIT(NL80211_IFTYPE_MESH_POINT); | 885 | local->hw.wiphy->interface_modes &= ~BIT(NL80211_IFTYPE_MESH_POINT); |