redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity

staging: rtl8188eu: fix potential leak in rtw_wx_read32()

Browse source 
Function rtw_wx_read32() dynamically allocates a temporary buffer that is not
freed in all error paths. Use a centralized exit path and make sure that all
memory is freed correctly. Detected by Coverity - CID 1077711.

Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Christian Engelmayer 2014-05-07 21:30:23 +02:00 committed by Greg Kroah-Hartman
parent 5b0a7eae9f
commit d6a6c91618
1 changed files with 9 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
View file

@ -2154,6 +2154,7 @@ static int rtw_wx_read32(struct net_device *dev,
u32 bytes;
u8 *ptmp;
int rv;
int ret = 0;
padapter = (struct adapter *)rtw_netdev_priv(dev);
p = &wrqu->data;
@ -2163,16 +2164,16 @@ static int rtw_wx_read32(struct net_device *dev,
return -ENOMEM;
if (copy_from_user(ptmp, p->pointer, len)) {
kfree(ptmp);
return -EFAULT;
ret = -EFAULT;
goto exit;
}
bytes = 0;
addr = 0;
rv = sscanf(ptmp, "%d,%x", &bytes, &addr);
if (rv != 2) {
kfree(ptmp);
return -EINVAL;
ret = -EINVAL;
goto exit;
}
switch (bytes) {
@ -2190,12 +2191,14 @@ static int rtw_wx_read32(struct net_device *dev,
break;
default:
DBG_88E(KERN_INFO "%s: usage> read [bytes],[address(hex)]\n", __func__);
return -EINVAL;
ret = -EINVAL;
goto exit;
}
DBG_88E(KERN_INFO "%s: addr = 0x%08X data =%s\n", __func__, addr, extra);
exit:
kfree(ptmp);
return 0;
return ret;
}
static int rtw_wx_write32(struct net_device *dev,