cfg80211: scan: drop entry from hidden_list on overflow

commit 010bfbe768f7ecc876ffba92db30432de4997e2a upstream.

If we overflow the maximum number of BSS entries and free the
new entry, drop it from any hidden_list that it may have been
added to in the code above or in cfg80211_combine_bsses().

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20210416094212.5de7d1676ad7.Ied283b0bc5f504845e7d6ab90626bdfa68bb3dc0@changeid
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 345ef1c967685ad60f6cf863f6dc4253fabb3945..87fc56bc4f1e7aba67f5a5e9e4b89fe4ea3d5444 100644 (file)
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1753,6 +1753,8 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev,
 
                if (rdev->bss_entries >= bss_entries_limit &&
                    !cfg80211_bss_expire_oldest(rdev)) {
+                       if (!list_empty(&new->hidden_list))
+                               list_del(&new->hidden_list);
                        kfree(new);
                        goto drop;
                }