diff options
| author | Arend van Spriel <arend.vanspriel@broadcom.com> | 2022-10-20 13:40:40 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-11-16 09:57:08 +0100 |
| commit | e1e12180321f416d83444f2cdc9259e0f5093d35 (patch) | |
| tree | 070826e45ac218bfbecc53135275bcb7bee62cdc /net | |
| parent | 914cb94e738ba6ebb482d61567fb50bf700e4f19 (diff) | |
| download | linux-e1e12180321f416d83444f2cdc9259e0f5093d35.tar.gz linux-e1e12180321f416d83444f2cdc9259e0f5093d35.tar.bz2 linux-e1e12180321f416d83444f2cdc9259e0f5093d35.zip | |
wifi: cfg80211: fix memory leak in query_regdb_file()
[ Upstream commit 57b962e627ec0ae53d4d16d7bd1033e27e67677a ]
In the function query_regdb_file() the alpha2 parameter is duplicated
using kmemdup() and subsequently freed in regdb_fw_cb(). However,
request_firmware_nowait() can fail without calling regdb_fw_cb() and
thus leak memory.
Fixes: 007f6c5e6eb4 ("cfg80211: support loading regulatory database as firmware file")
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/wireless/reg.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/net/wireless/reg.c b/net/wireless/reg.c index fd848609e656..a1e64d967bd3 100644 --- a/net/wireless/reg.c +++ b/net/wireless/reg.c @@ -1064,6 +1064,8 @@ MODULE_FIRMWARE("regulatory.db"); static int query_regdb_file(const char *alpha2) { + int err; + ASSERT_RTNL(); if (regdb) @@ -1073,9 +1075,13 @@ static int query_regdb_file(const char *alpha2) if (!alpha2) return -ENOMEM; - return request_firmware_nowait(THIS_MODULE, true, "regulatory.db", - ®_pdev->dev, GFP_KERNEL, - (void *)alpha2, regdb_fw_cb); + err = request_firmware_nowait(THIS_MODULE, true, "regulatory.db", + ®_pdev->dev, GFP_KERNEL, + (void *)alpha2, regdb_fw_cb); + if (err) + kfree(alpha2); + + return err; } int reg_reload_regdb(void) |