cfg80211: avoid mem leak on driver hint set
authorArik Nemtsov <arik@wizery.com>
Thu, 4 Dec 2014 10:22:16 +0000 (12:22 +0200)
committerJohannes Berg <johannes.berg@intel.com>
Fri, 12 Dec 2014 11:25:33 +0000 (12:25 +0100)
In the already-set and intersect case of a driver-hint, the previous
wiphy regdomain was not freed before being reset with a copy of the
cfg80211 regdomain.

Cc: stable@vger.kernel.org
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Acked-by: Luis R. Rodriguez <mcgrof@suse.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/wireless/reg.c

index 47be6163381caadf41afab40122d74f4a19448e6..7ddd16a51adf93f8f35e67095e8ba6f590dbad60 100644 (file)
@@ -1907,7 +1907,7 @@ static enum reg_request_treatment
 reg_process_hint_driver(struct wiphy *wiphy,
                        struct regulatory_request *driver_request)
 {
-       const struct ieee80211_regdomain *regd;
+       const struct ieee80211_regdomain *regd, *tmp;
        enum reg_request_treatment treatment;
 
        treatment = __reg_process_hint_driver(driver_request);
@@ -1927,7 +1927,10 @@ reg_process_hint_driver(struct wiphy *wiphy,
                        reg_free_request(driver_request);
                        return REG_REQ_IGNORE;
                }
+
+               tmp = get_wiphy_regdom(wiphy);
                rcu_assign_pointer(wiphy->regd, regd);
+               rcu_free_regdom(tmp);
        }