Fix a potential leak in the error path of rtw_set_key(). In case the requested
algorithm is not supported by the driver, the function returns without
enqueuing or freeing the already allocated command and parameter structs. Use
a centralized exit path and make sure that all memory is freed correctly.
Detected by Coverity - CID
1077716,
1077717.
Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
int res = _SUCCESS;
pcmd = (struct cmd_obj *)rtw_zmalloc(sizeof(struct cmd_obj));
int res = _SUCCESS;
pcmd = (struct cmd_obj *)rtw_zmalloc(sizeof(struct cmd_obj));
- if (pcmd == NULL) {
- res = _FAIL; /* try again */
- goto exit;
- }
+ if (pcmd == NULL)
+ return _FAIL; /* try again */
+
psetkeyparm = (struct setkey_parm *)rtw_zmalloc(sizeof(struct setkey_parm));
if (psetkeyparm == NULL) {
psetkeyparm = (struct setkey_parm *)rtw_zmalloc(sizeof(struct setkey_parm));
if (psetkeyparm == NULL) {
}
_rtw_memset(psetkeyparm, 0, sizeof(struct setkey_parm));
}
_rtw_memset(psetkeyparm, 0, sizeof(struct setkey_parm));
("\n rtw_set_key:psecuritypriv->dot11PrivacyAlgrthm=%x (must be 1 or 2 or 4 or 5)\n",
psecuritypriv->dot11PrivacyAlgrthm));
res = _FAIL;
("\n rtw_set_key:psecuritypriv->dot11PrivacyAlgrthm=%x (must be 1 or 2 or 4 or 5)\n",
psecuritypriv->dot11PrivacyAlgrthm));
res = _FAIL;
}
pcmd->cmdcode = _SetKey_CMD_;
pcmd->parmbuf = (u8 *)psetkeyparm;
}
pcmd->cmdcode = _SetKey_CMD_;
pcmd->parmbuf = (u8 *)psetkeyparm;
pcmd->rspsz = 0;
_rtw_init_listhead(&pcmd->list);
res = rtw_enqueue_cmd(pcmdpriv, pcmd);
pcmd->rspsz = 0;
_rtw_init_listhead(&pcmd->list);
res = rtw_enqueue_cmd(pcmdpriv, pcmd);
+ return res;
+
+err_free_parm:
+ kfree(psetkeyparm);
+err_free_cmd:
+ kfree(pcmd);