[PATCH] nl80211: Fix memory leak on nla_put_failure error paths
Jason Young
a.young.jason
Thu Dec 15 14:31:24 PST 2011
Signed-hostap: Jason Young <jason.young at dspg.com>
---
src/drivers/driver_nl80211.c | 33 +++++++++++++++++++++++++++++++--
1 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 0a68c5f..f17a61e 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -1635,6 +1635,7 @@ static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
return send_and_recv_msgs(drv, msg, get_link_signal, sig);
nla_put_failure:
+ nlmsg_free(msg);
return -ENOBUFS;
}
@@ -1701,6 +1702,7 @@ static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
return send_and_recv_msgs(drv, msg, get_link_noise, sig_change);
nla_put_failure:
+ nlmsg_free(msg);
return -ENOBUFS;
}
@@ -2254,6 +2256,7 @@ static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
return -EINVAL;
return 0;
nla_put_failure:
+ nlmsg_free(msg);
return -EINVAL;
}
@@ -3179,6 +3182,7 @@ static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
return send_and_recv_msgs(drv, msg, NULL, NULL);
nla_put_failure:
+ nlmsg_free(msg);
return -ENOBUFS;
}
@@ -4090,6 +4094,7 @@ static int wpa_driver_nl80211_set_key(const char *ifname, void *priv,
return ret;
nla_put_failure:
+ nlmsg_free(msg);
return -ENOBUFS;
}
@@ -4958,7 +4963,9 @@ wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
nl80211_set_ht40_flags(drv, &result);
return wpa_driver_nl80211_add_11b(result.modes, num_modes);
}
+ msg = NULL;
nla_put_failure:
+ nlmsg_free(msg);
return NULL;
}
@@ -5126,6 +5133,7 @@ static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble,
return send_and_recv_msgs(drv, msg, NULL, NULL);
nla_put_failure:
+ nlmsg_free(msg);
return -ENOBUFS;
}
@@ -5274,6 +5282,7 @@ static int wpa_driver_nl80211_set_ap(void *priv,
}
return ret;
nla_put_failure:
+ nlmsg_free(msg);
return -ENOBUFS;
}
@@ -5315,6 +5324,7 @@ static int wpa_driver_nl80211_set_freq(struct i802_bss *bss,
}
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ msg = NULL;
if (ret == 0) {
bss->freq = freq;
return 0;
@@ -5322,6 +5332,7 @@ static int wpa_driver_nl80211_set_freq(struct i802_bss *bss,
wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
"%d (%s)", freq, ret, strerror(-ret));
nla_put_failure:
+ nlmsg_free(msg);
return -1;
}
@@ -5386,6 +5397,7 @@ static int wpa_driver_nl80211_sta_add(void *priv,
NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ msg = NULL;
if (ret)
wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION "
"result: %d (%s)", params->set ? "SET" : "NEW", ret,
@@ -5393,6 +5405,7 @@ static int wpa_driver_nl80211_sta_add(void *priv,
if (ret == -EEXIST)
ret = 0;
nla_put_failure:
+ nlmsg_free(msg);
return ret;
}
@@ -5419,6 +5432,7 @@ static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr)
return 0;
return ret;
nla_put_failure:
+ nlmsg_free(msg);
return -ENOBUFS;
}
@@ -5442,7 +5456,9 @@ static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
return;
+ msg = NULL;
nla_put_failure:
+ nlmsg_free(msg);
wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
}
@@ -5509,8 +5525,10 @@ static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
}
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ msg = NULL;
if (ret) {
nla_put_failure:
+ nlmsg_free(msg);
wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
ifname, ret, strerror(-ret));
return ret;
@@ -6161,6 +6179,7 @@ static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
return send_and_recv_msgs(drv, msg, NULL, NULL);
nla_put_failure:
+ nlmsg_free(msg);
nlmsg_free(flags);
return -ENOBUFS;
}
@@ -6665,9 +6684,11 @@ static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ msg = NULL;
if (!ret)
return 0;
nla_put_failure:
+ nlmsg_free(msg);
wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
" %d (%s)", ifindex, mode, ret, strerror(-ret));
return ret;
@@ -6814,6 +6835,7 @@ static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
return send_and_recv_msgs(drv, msg, NULL, NULL);
nla_put_failure:
+ nlmsg_free(msg);
return -ENOBUFS;
}
@@ -6906,9 +6928,11 @@ static int i802_set_rts(void *priv, int rts)
NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val);
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ msg = NULL;
if (!ret)
return 0;
nla_put_failure:
+ nlmsg_free(msg);
wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
"%d (%s)", rts, ret, strerror(-ret));
return ret;
@@ -6937,9 +6961,11 @@ static int i802_set_frag(void *priv, int frag)
NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val);
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ msg = NULL;
if (!ret)
return 0;
nla_put_failure:
+ nlmsg_free(msg);
wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
"%d: %d (%s)", frag, ret, strerror(-ret));
return ret;
@@ -7843,6 +7869,7 @@ static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
cookie = 0;
ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
+ msg = NULL;
if (ret == 0) {
wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
"0x%llx for freq=%u MHz duration=%u",
@@ -7855,6 +7882,7 @@ static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
"(freq=%d duration=%u): %d (%s)",
freq, duration, ret, strerror(-ret));
nla_put_failure:
+ nlmsg_free(msg);
return -1;
}
@@ -7886,11 +7914,13 @@ static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie);
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ msg = NULL;
if (ret == 0)
return 0;
wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
"%d (%s)", ret, strerror(-ret));
nla_put_failure:
+ nlmsg_free(msg);
return -1;
}
@@ -8085,8 +8115,7 @@ static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
msg = NULL;
nla_put_failure:
- if (cqm)
- nlmsg_free(cqm);
+ nlmsg_free(cqm);
nlmsg_free(msg);
return -1;
}
--
1.7.5.4
More information about the Hostap
mailing list