[PATCH] Fix possible memory leak in function cfg80211_bss_update

From: Nguyen Dinh Phi
Date: Sat Jun 26 2021 - 16:58:14 EST

Next message: Igor Kononenko: "[PATCH 1/6] usb:gadget:mass-storage: Improve the signature of SCSI handler function"
Previous message: tip-bot2 for Thomas Gleixner: "[tip: timers/core] time/kunit: Add missing MODULE_LICENSE()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When we exceed the limit of BSS entries, this function will free the
new entry, however, at this time, it is the last door to access the
inputed ies, so these ies will be unreferenced objects and cause memory
leak.
Therefore we should free its ies before deallocating the new entry, beside
of dropping it from hidden_list.
These stuffs could be done by using bss_free function.

Signed-off-by: Nguyen Dinh Phi <phind.uet@xxxxxxxxx>
---
net/wireless/scan.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index f03c7ac8e184..b5f62bbe539a 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1761,9 +1761,7 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev,

if (rdev->bss_entries >= bss_entries_limit &&
!cfg80211_bss_expire_oldest(rdev)) {
- if (!list_empty(&new->hidden_list))
- list_del(&new->hidden_list);
- kfree(new);
+ bss_free(new);
goto drop;
}

--
2.25.1

Next message: Igor Kononenko: "[PATCH 1/6] usb:gadget:mass-storage: Improve the signature of SCSI handler function"
Previous message: tip-bot2 for Thomas Gleixner: "[tip: timers/core] time/kunit: Add missing MODULE_LICENSE()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]