From: Christian Engelmayer Date: Fri, 9 May 2014 13:03:50 +0000 (+0200) Subject: staging: rtl8723au: fix potential leak in update_bcn_wps_ie() X-Git-Tag: firefly_0821_release~176^2~3465^2~39^2~971 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=086f7a4d1758998c3692bb8d4fbd3a05eb27a7a1;p=firefly-linux-kernel-4.4.55.git staging: rtl8723au: fix potential leak in update_bcn_wps_ie() Fix a potential leak in the error path of function update_bcn_wps_ie(). Move the affected input verification to the beginning of the function so that it may return directly without leaking already allocated memory. Detected by Coverity - CID 1077718. Signed-off-by: Christian Engelmayer Signed-off-by: Jes Sorensen Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/rtl8723au/core/rtw_ap.c b/drivers/staging/rtl8723au/core/rtw_ap.c index 01c6aeda63c5..da03196a3be2 100644 --- a/drivers/staging/rtl8723au/core/rtw_ap.c +++ b/drivers/staging/rtl8723au/core/rtw_ap.c @@ -1252,6 +1252,10 @@ static void update_bcn_wps_ie(struct rtw_adapter *padapter) DBG_8723A("%s\n", __func__); + pwps_ie_src = pmlmepriv->wps_beacon_ie; + if (pwps_ie_src == NULL) + return; + pwps_ie = rtw_get_wps_ie23a(ie+_FIXED_IE_LENGTH_, ielen-_FIXED_IE_LENGTH_, NULL, &wps_ielen); if (pwps_ie == NULL || wps_ielen == 0) @@ -1270,10 +1274,6 @@ static void update_bcn_wps_ie(struct rtw_adapter *padapter) remainder_ielen); } - pwps_ie_src = pmlmepriv->wps_beacon_ie; - if (pwps_ie_src == NULL) - return; - wps_ielen = (uint)pwps_ie_src[1];/* to get ie data len */ if ((wps_offset+wps_ielen+2+remainder_ielen)<= MAX_IE_SZ) {