Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5b0ec94f authored by Johannes Berg's avatar Johannes Berg
Browse files

mac80211: fix memory leak in register_hw() error path 



Move the internal scan request allocation below the last
sanity check in ieee80211_register_hw() to avoid leaking
memory if the sanity check actually triggers.

Reported-by: default avatarZHAO Gang <gamerh2o@gmail.com>
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent ef04a297

net/mac80211/main.c

+11 −11
Original line number Diff line number Diff line
@@ -846,17 +846,6 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) 
		/* TODO: consider VHT for RX chains, hopefully it's the same */

	}



	local->int_scan_req = kzalloc(sizeof(*local->int_scan_req) +

				      sizeof(void *) * channels, GFP_KERNEL);

	if (!local->int_scan_req)

		return -ENOMEM;



	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {

		if (!local->hw.wiphy->bands[band])

			continue;

		local->int_scan_req->rates[band] = (u32) -1;

	}



	/* if low-level driver supports AP, we also support VLAN */

	if (local->hw.wiphy->interface_modes & BIT(NL80211_IFTYPE_AP)) {

		hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
@@ -880,6 +869,17 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) 
				return -EINVAL;

	}



	local->int_scan_req = kzalloc(sizeof(*local->int_scan_req) +

				      sizeof(void *) * channels, GFP_KERNEL);

	if (!local->int_scan_req)

		return -ENOMEM;



	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {

		if (!local->hw.wiphy->bands[band])

			continue;

		local->int_scan_req->rates[band] = (u32) -1;

	}



#ifndef CONFIG_MAC80211_MESH

	/* mesh depends on Kconfig, but drivers should set it if they want */

	local->hw.wiphy->interface_modes &= ~BIT(NL80211_IFTYPE_MESH_POINT);