| 1 |
From f9a5c358c8d26fed0cc45f2afc64633d4ba21dff Mon Sep 17 00:00:00 2001 |
| 2 |
From: Nguyen Dinh Phi <phind.uet@gmail.com> |
| 3 |
Date: Mon, 28 Jun 2021 21:23:34 +0800 |
| 4 |
Subject: cfg80211: Fix possible memory leak in function cfg80211_bss_update |
| 5 |
|
| 6 |
From: Nguyen Dinh Phi <phind.uet@gmail.com> |
| 7 |
|
| 8 |
commit f9a5c358c8d26fed0cc45f2afc64633d4ba21dff upstream. |
| 9 |
|
| 10 |
When we exceed the limit of BSS entries, this function will free the |
| 11 |
new entry, however, at this time, it is the last door to access the |
| 12 |
inputed ies, so these ies will be unreferenced objects and cause memory |
| 13 |
leak. |
| 14 |
Therefore we should free its ies before deallocating the new entry, beside |
| 15 |
of dropping it from hidden_list. |
| 16 |
|
| 17 |
Signed-off-by: Nguyen Dinh Phi <phind.uet@gmail.com> |
| 18 |
Link: https://lore.kernel.org/r/20210628132334.851095-1-phind.uet@gmail.com |
| 19 |
Signed-off-by: Johannes Berg <johannes.berg@intel.com> |
| 20 |
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| 21 |
--- |
| 22 |
net/wireless/scan.c | 6 ++---- |
| 23 |
1 file changed, 2 insertions(+), 4 deletions(-) |
| 24 |
|
| 25 |
--- a/net/wireless/scan.c |
| 26 |
+++ b/net/wireless/scan.c |
| 27 |
@@ -1746,16 +1746,14 @@ cfg80211_bss_update(struct cfg80211_regi |
| 28 |
* be grouped with this beacon for updates ... |
| 29 |
*/ |
| 30 |
if (!cfg80211_combine_bsses(rdev, new)) { |
| 31 |
- kfree(new); |
| 32 |
+ bss_ref_put(rdev, new); |
| 33 |
goto drop; |
| 34 |
} |
| 35 |
} |
| 36 |
|
| 37 |
if (rdev->bss_entries >= bss_entries_limit && |
| 38 |
!cfg80211_bss_expire_oldest(rdev)) { |
| 39 |
- if (!list_empty(&new->hidden_list)) |
| 40 |
- list_del(&new->hidden_list); |
| 41 |
- kfree(new); |
| 42 |
+ bss_ref_put(rdev, new); |
| 43 |
goto drop; |
| 44 |
} |
| 45 |
|
Parent Directory
| 
Revision Log