[PATCH] Fix possible memory leak in function cfg80211_bss_update

From: Nguyen Dinh Phi
Date: Sat Jun 26 2021 - 16:58:14 EST


When we exceed the limit of BSS entries, this function will free the
new entry, however, at this time, it is the last door to access the
inputed ies, so these ies will be unreferenced objects and cause memory
leak.
Therefore we should free its ies before deallocating the new entry, beside
of dropping it from hidden_list.
These stuffs could be done by using bss_free function.

Signed-off-by: Nguyen Dinh Phi <phind.uet@xxxxxxxxx>
---
net/wireless/scan.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index f03c7ac8e184..b5f62bbe539a 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1761,9 +1761,7 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev,

if (rdev->bss_entries >= bss_entries_limit &&
!cfg80211_bss_expire_oldest(rdev)) {
- if (!list_empty(&new->hidden_list))
- list_del(&new->hidden_list);
- kfree(new);
+ bss_free(new);
goto drop;
}

--
2.25.1