* [PATCH] iw: Fix memory leak if nla_put fails
@ 2015-11-07 11:43 Amit Khatri
  0 siblings, 0 replies; 6+ messages in thread
From: Amit Khatri @ 2015-11-07 11:43 UTC (permalink / raw)
  To: johannes; +Cc: linux-wireless, Rahul Jain, HEMANSHU SRIVASTAVA, k.ashutosh


* Re: [PATCH] iw:Fix memory leak if nla_put fails
  2015-11-27  9:37 [PATCH] iw:Fix " Rahul Jain
@ 2016-01-06 11:11 ` Johannes Berg
  0 siblings, 0 replies; 6+ messages in thread
From: Johannes Berg @ 2016-01-06 11:11 UTC (permalink / raw)
  To: Rahul Jain; +Cc: linux-wireless, Amit Khatri

On Fri, 2015-11-27 at 15:07 +0530, Rahul Jain wrote:
> 
> @@ -124,7 +124,8 @@ static int handle_coalesce_enable(struct
> nl80211_state *state,
>  					nla_nest_end(msg, nl_pat);
>  					free(mask);
>  					free(pat);
> -
> +					pat = NULL;
> +					mask = NULL;

I'd prefer to keep the blank line.

> +	if (pat)
> +		free(pat);

free(NULL) is valid and a no-op.

> -			NLA_PUT(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
> -				DIV_ROUND_UP(patlen, 8), mask);
> -			NLA_PUT(msg,
> NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
> -				patlen, pat);
> +			if (nla_put(msg,
> NL80211_WOWLAN_TCP_WAKE_MASK,
> +				DIV_ROUND_UP(patlen, 8), mask) < 0)
> {
> +				free(mask);
> +				free(pat);
> +				mask = NULL;
> +				pat = NULL;
> +				goto nla_put_failure;
> +			}
> +			if (nla_put(msg,
> NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
> +				patlen, pat) < 0){
> +				free(pat);
> +				free(mask);
> +				pat = NULL;
> +				mask = NULL;
> +				goto nla_put_failure;
> +			}

I don't understand - you also updated the nla_put_failure label to free
it.

>  			free(mask);
>  			free(pat);

seems like you need NULL here though.

johannes


* [PATCH] iw:Fix memory leak if nla_put fails
@ 2015-11-27  9:37 Rahul Jain
  2016-01-06 11:11 ` Johannes Berg
  0 siblings, 1 reply; 6+ messages in thread
From: Rahul Jain @ 2015-11-27  9:37 UTC (permalink / raw)
  To: johannes; +Cc: linux-wireless, Amit Khatri, Rahul Jain

From: Amit Khatri <amit.khatri@samsung.com>

Avoid memory leak because of nla_put_failure

Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
---
 coalesce.c |  7 ++++++-
 wowlan.c   | 33 +++++++++++++++++++++++++++------
 2 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/coalesce.c b/coalesce.c
index 36dcaef..822da4f 100644
--- a/coalesce.c
+++ b/coalesce.c
@@ -124,7 +124,8 @@ static int handle_coalesce_enable(struct nl80211_state *state,
 					nla_nest_end(msg, nl_pat);
 					free(mask);
 					free(pat);
-
+					pat = NULL;
+					mask = NULL;
 					if (!next_pat)
 						break;
 					cur_pat = next_pat;
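Review bot: the two assignments take the place of the blank line that separated the cleanup from `if (!next_pat)`; keep the blank line and add `pat = NULL; mask = NULL;` directly after `free(pat);`. The resets only make the new frees under `nla_put_failure` safe if `pat` and `mask` are also NULL before their first allocation, which this hunk does not show, so both should be initialised at their declaration.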
@@ -155,6 +156,10 @@ static int handle_coalesce_enable(struct nl80211_state *state,
 		err = 1;
 	goto close;
 nla_put_failure:
+	if (pat)
+		free(pat);
+	if (mask)
+		free(mask);
 	err = -ENOBUFS;
 close:
 	fclose(f);
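Review bot: under `nla_put_failure:` the `if (pat)` and `if (mask)` guards are unnecessary, since free(NULL) is a no-op; plain `free(pat); free(mask);` is enough. The frees also sit above `close:`, so the `err = 1; goto close;` path just before the label skips them. If `pat` or `mask` can still be allocated on any `goto close` path, move the two frees below `close:` next to `fclose(f);` so every exit releases them.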
diff --git a/wowlan.c b/wowlan.c
index e0cf316..c674e2c 100644
--- a/wowlan.c
+++ b/wowlan.c
@@ -89,7 +89,11 @@ static int wowlan_parse_tcp_file(struct nl_msg *msg, const char *fn)
 
 			if (!pkt)
 				goto close;
-			NLA_PUT(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, len, pkt);
+			if (nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, len,
+				pkt) < 0) {
+				free(pkt);
+				goto nla_put_failure;
+			}
 			free(pkt);
 		} else if (strncmp(buf, "data.interval=", 14) == 0) {
 			NLA_PUT_U32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
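Review bot: `free(pkt);` is now written twice, once inside the failure branch and once on the line after it. Saving the `nla_put()` result in a local, calling `free(pkt);` once and only then testing the result for `< 0` gives a single release point that cannot be missed when the code is edited later. The wrapped argument `pkt) < 0) {` is indented to the same depth as the branch body, which makes the condition hard to tell apart from the block; align it with the arguments of `nla_put(`.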
@@ -97,13 +101,24 @@ static int wowlan_parse_tcp_file(struct nl_msg *msg, const char *fn)
 		} else if (strncmp(buf, "wake=", 5) == 0) {
 			unsigned char *pat, *mask;
 			size_t patlen;
-
 			if (parse_hex_mask(buf + 5, &pat, &patlen, &mask))
 				goto close;
-			NLA_PUT(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
-				DIV_ROUND_UP(patlen, 8), mask);
-			NLA_PUT(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
-				patlen, pat);
+			if (nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
+				DIV_ROUND_UP(patlen, 8), mask) < 0) {
+				free(mask);
+				free(pat);
+				mask = NULL;
+				pat = NULL;
+				goto nla_put_failure;
+			}
+			if (nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
+				patlen, pat) < 0){
+				free(pat);
+				free(mask);
+				pat = NULL;
+				mask = NULL;
+				goto nla_put_failure;
+			}
 			free(mask);
 			free(pat);
 		} else if (strncmp(buf, "data.seq=", 9) == 0) {
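Review bot: the `mask = NULL; pat = NULL;` assignments in both failure branches are dead stores. `pat` and `mask` are declared inside this `wake=` block (`unsigned char *pat, *mask;`), both have just been freed, and `goto nla_put_failure` leaves their scope, so nothing can read them afterwards. Drop the four assignments, or save each `nla_put()` result, free both buffers once and then test the result. The hunk also deletes the blank line after the declarations, and the second condition is missing a space in `< 0){`.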
@@ -300,6 +315,8 @@ static int handle_wowlan_enable(struct nl80211_state *state,
 			nla_nest_end(patterns, pattern);
 			free(mask);
 			free(pat);
+			pat = NULL;
+			mask = NULL;
 			break;
 		}
 		argv++;
@@ -313,6 +330,10 @@ static int handle_wowlan_enable(struct nl80211_state *state,
 	nla_nest_end(msg, wowlan);
 	err = 0;
  nla_put_failure:
+	if (pat)
+		free(pat);
+	if (mask)
+		free(mask);
 	nlmsg_free(patterns);
 	return err;
 }
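Review bot: `nla_put_failure:` is also reached by fall-through from `err = 0;`, so the added frees run on the success path as well as on failure. Every earlier `free(pat)` or `free(mask)` in this function therefore needs a NULL reset after it, as the previous hunk does before `break;`, or the label frees the same pointer twice. `pat` and `mask` must also be initialised to NULL at their declaration, which is not shown here, for calls that never allocate a pattern. The `if (pat)` and `if (mask)` guards can go, since free(NULL) is a no-op.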
-- 
1.9.1



* [PATCH] iw: Fix memory leak if nla_put fails
@ 2015-11-07 11:36 Amit Khatri
  0 siblings, 0 replies; 6+ messages in thread
From: Amit Khatri @ 2015-11-07 11:36 UTC (permalink / raw)
  To: johannes; +Cc: linux-wireless, Rahul Jain, HEMANSHU SRIVASTAVA


* Re: [PATCH] iw: Fix memory leak if nla_put fails
  2015-10-23 22:33 Ola Olsson
@ 2015-11-03 10:28 ` Johannes Berg
  0 siblings, 0 replies; 6+ messages in thread
From: Johannes Berg @ 2015-11-03 10:28 UTC (permalink / raw)
  To: Ola Olsson; +Cc: linux-wireless, Ola Olsson

On Sat, 2015-10-24 at 00:33 +0200, Ola Olsson wrote:
> The NLA_PUT macro will automatically goto nla_put_failure if
> the underlying nla_put fails. This will in turn leak our malloced
> memory in both the scan and wowlan commands.
> Fix that by not using the macro in the cases where we have
> allocated heap mem.
> 
Applied, thanks.

Luckily the tool just exits right away so we don't have to care all
that much :)

But of course it's still good to fix it since people can (and do) copy
it into other code.

johannes


* [PATCH] iw: Fix memory leak if nla_put fails
@ 2015-10-23 22:33 Ola Olsson
  2015-11-03 10:28 ` Johannes Berg
  0 siblings, 1 reply; 6+ messages in thread
From: Ola Olsson @ 2015-10-23 22:33 UTC (permalink / raw)
  To: johannes.berg; +Cc: linux-wireless, Ola Olsson, Ola Olsson

The NLA_PUT macro will automatically goto nla_put_failure if
the underlying nla_put fails. This will in turn leak our malloced
memory in both the scan and wowlan commands.
Fix that by not using the macro in the cases where we have
allocated heap mem.

Signed-off-by: Ola Olsson <ola.olsson@sonymobile.com>
---
 scan.c   |    5 ++++-
 wowlan.c |    8 ++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/scan.c b/scan.c
index 8762784..06c4255 100644
--- a/scan.c
+++ b/scan.c
@@ -458,7 +458,10 @@ static int handle_scan(struct nl80211_state *state,
 			memcpy(&tmpies[ies_len], meshid, meshid_len);
 			free(meshid);
 		}
-		NLA_PUT(msg, NL80211_ATTR_IE, ies_len + meshid_len, tmpies);
+		if (nla_put(msg, NL80211_ATTR_IE, ies_len + meshid_len, tmpies) < 0) {
+			free(tmpies);
+			goto nla_put_failure;
+		}
 		free(tmpies);
 	}
 
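Review bot: the new line `if (nla_put(msg, NL80211_ATTR_IE, ies_len + meshid_len, tmpies) < 0) {` runs past 80 columns at two tabs of indentation, unlike the wrapped call in the wowlan.c hunk of this patch; wrap the arguments the same way. `free(tmpies);` is now written twice; saving the `nla_put()` result in a local, freeing once and then testing the result keeps a single release point for the buffer.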
diff --git a/wowlan.c b/wowlan.c
index e1d3750..c30eab7 100644
--- a/wowlan.c
+++ b/wowlan.c
@@ -159,8 +159,12 @@ static int wowlan_parse_tcp_file(struct nl_msg *msg, const char *fn)
 			tok->offset = atoi(offs);
 			memcpy(tok->token_stream, stream, stream_len);
 
-			NLA_PUT(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
-				sizeof(*tok) + stream_len, tok);
+			if (nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
+				sizeof(*tok) + stream_len, tok) < 0) {
+				free(stream);
+				free(tok);
+				goto nla_put_failure;
+			}
 			free(stream);
 			free(tok);
 		} else {
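Review bot: only the `NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN` put is converted in `wowlan_parse_tcp_file`, so other `NLA_PUT` calls in the same function that pass heap buffers keep the leak. The 2015-11-27 patch in this thread still finds `NLA_PUT(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, len, pkt);` followed by `free(pkt);` there, along with the `pat`/`mask` puts in the `wake=` branch. Either convert those in this patch too or narrow the commit message to the token case.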
-- 
1.7.9.5
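
An added example, not part of any message in this thread and not iw or libnl code: it models the hidden goto in `NLA_PUT` described in the commit message above, and the variant from the 2015-11-27 patch where the `nla_put_failure` label frees the buffer and the success path falls through into it. `fake_msg`, `fake_nla_put`, `FAKE_NLA_PUT`, `xalloc`, `xfree`, `put_original` and `put_label_frees` are assumed stand-in names; the counters record a leaked buffer and a second free of the same buffer.

```c
#include <stdio.h>
/* Stand-ins (assumptions, not libnl or iw code): a fixed-capacity message,
 * a put that returns -1 when the payload does not fit, a one-slot "heap". */
struct fake_msg { size_t used, cap; };
static unsigned char slot[64];
static int live_allocs, bad_frees;	/* outstanding buffers; frees of a dead buffer */
static void *xalloc(size_t n) { (void)n; live_allocs++; return slot; }
static void xfree(void *p) { if (!p) return; if (live_allocs > 0) live_allocs--; else bad_frees++; }

static int fake_nla_put(struct fake_msg *m, size_t len, const void *data)
{
	if (!data || m->used + len > m->cap)
		return -1;
	m->used += len;
	return 0;
}
#define FAKE_NLA_PUT(m, len, data) do { if (fake_nla_put(m, len, data) < 0) goto nla_put_failure; } while (0)

int put_original(struct fake_msg *m, size_t len)
{
	unsigned char *buf = xalloc(len);
	FAKE_NLA_PUT(m, len, buf);	/* on failure the hidden goto skips xfree() */
	xfree(buf);
	return 0;
nla_put_failure:
	return -1;
}

int put_label_frees(struct fake_msg *m, size_t len, int reset)
{
	unsigned char *buf = xalloc(len);
	int err = -1;
	FAKE_NLA_PUT(m, len, buf);
	xfree(buf);
	if (reset)
		buf = NULL;		/* otherwise the label frees buf a second time */
	err = 0;
nla_put_failure:			/* reached on failure and by fall-through on success */
	xfree(buf);			/* NULL is a no-op, so no "if (buf)" guard is needed */
	return err;
}

int main(void)
{
	struct fake_msg small = { 0, 8 };
	int rc = put_original(&small, 16);	/* 16 bytes do not fit in 8 */
	printf("original, put fails: rc=%d leaked=%d\n", rc, live_allocs);
	return 0;
}
```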


