mac80211: fix memory leak in register_hw() error path
authorJohannes Berg <johannes.berg@intel.com>
Mon, 6 Jan 2014 15:02:34 +0000 (16:02 +0100)
committerJohannes Berg <johannes.berg@intel.com>
Mon, 6 Jan 2014 15:02:34 +0000 (16:02 +0100)
Move the internal scan request allocation below the last
sanity check in ieee80211_register_hw() to avoid leaking
memory if the sanity check actually triggers.

Reported-by: ZHAO Gang <gamerh2o@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/mac80211/main.c

index 2bd5b552b2f6c41629022876265bdd9a10e8890e..d767cfb9b45f092606cd37288113e82714b75fe4 100644 (file)
@@ -846,17 +846,6 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
                /* TODO: consider VHT for RX chains, hopefully it's the same */
        }
 
-       local->int_scan_req = kzalloc(sizeof(*local->int_scan_req) +
-                                     sizeof(void *) * channels, GFP_KERNEL);
-       if (!local->int_scan_req)
-               return -ENOMEM;
-
-       for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
-               if (!local->hw.wiphy->bands[band])
-                       continue;
-               local->int_scan_req->rates[band] = (u32) -1;
-       }
-
        /* if low-level driver supports AP, we also support VLAN */
        if (local->hw.wiphy->interface_modes & BIT(NL80211_IFTYPE_AP)) {
                hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
@@ -880,6 +869,17 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
                                return -EINVAL;
        }
 
+       local->int_scan_req = kzalloc(sizeof(*local->int_scan_req) +
+                                     sizeof(void *) * channels, GFP_KERNEL);
+       if (!local->int_scan_req)
+               return -ENOMEM;
+
+       for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
+               if (!local->hw.wiphy->bands[band])
+                       continue;
+               local->int_scan_req->rates[band] = (u32) -1;
+       }
+
 #ifndef CONFIG_MAC80211_MESH
        /* mesh depends on Kconfig, but drivers should set it if they want */
        local->hw.wiphy->interface_modes &= ~BIT(NL80211_IFTYPE_MESH_POINT);