diff options
| author | David Kilroy <kilroyd@googlemail.com> | 2009-08-18 19:43:31 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2009-08-20 11:36:06 -0400 |
| commit | 415ad1efae1d5fe00d739e612d262eabda90f5e8 (patch) | |
| tree | 285f400386932f691849b3c0114c322b64214a88 /net/wireless/sme.c | |
| parent | eeef41854deae30ea304544f18684df70ae3f87b (diff) | |
cfg80211: fix leaks of wdev->conn->ie
This only occurs in the following error situations:
- driver calls connect_result with failure
- error scheduling authentication on connect
- error initiating scan (to get BSSID and channel) on
connect
- userspace calls disconnect while in the SCANNING or
SCAN_AGAIN states
Signed-off-by: David Kilroy <kilroyd@googlemail.com>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/wireless/sme.c')
| -rw-r--r-- | net/wireless/sme.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 6fb6a704ca40..9ddc00e3c239 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c | |||
| @@ -395,6 +395,8 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid, | |||
| 395 | 395 | ||
| 396 | if (status != WLAN_STATUS_SUCCESS) { | 396 | if (status != WLAN_STATUS_SUCCESS) { |
| 397 | wdev->sme_state = CFG80211_SME_IDLE; | 397 | wdev->sme_state = CFG80211_SME_IDLE; |
| 398 | if (wdev->conn) | ||
| 399 | kfree(wdev->conn->ie); | ||
| 398 | kfree(wdev->conn); | 400 | kfree(wdev->conn); |
| 399 | wdev->conn = NULL; | 401 | wdev->conn = NULL; |
| 400 | kfree(wdev->connect_keys); | 402 | kfree(wdev->connect_keys); |
| @@ -779,6 +781,7 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev, | |||
| 779 | } | 781 | } |
| 780 | } | 782 | } |
| 781 | if (err) { | 783 | if (err) { |
| 784 | kfree(wdev->conn->ie); | ||
| 782 | kfree(wdev->conn); | 785 | kfree(wdev->conn); |
| 783 | wdev->conn = NULL; | 786 | wdev->conn = NULL; |
| 784 | wdev->sme_state = CFG80211_SME_IDLE; | 787 | wdev->sme_state = CFG80211_SME_IDLE; |
| @@ -848,6 +851,7 @@ int __cfg80211_disconnect(struct cfg80211_registered_device *rdev, | |||
| 848 | (wdev->conn->state == CFG80211_CONN_SCANNING || | 851 | (wdev->conn->state == CFG80211_CONN_SCANNING || |
| 849 | wdev->conn->state == CFG80211_CONN_SCAN_AGAIN)) { | 852 | wdev->conn->state == CFG80211_CONN_SCAN_AGAIN)) { |
| 850 | wdev->sme_state = CFG80211_SME_IDLE; | 853 | wdev->sme_state = CFG80211_SME_IDLE; |
| 854 | kfree(wdev->conn->ie); | ||
| 851 | kfree(wdev->conn); | 855 | kfree(wdev->conn); |
| 852 | wdev->conn = NULL; | 856 | wdev->conn = NULL; |
| 853 | wdev->ssid_len = 0; | 857 | wdev->ssid_len = 0; |