From: Christian Engelmayer Date: Wed, 7 May 2014 19:30:23 +0000 (+0200) Subject: staging: rtl8188eu: fix potential leak in rtw_wx_read32() X-Git-Tag: v4.14-rc1~7083^2~39^2~418 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d6a6c916189e4ef0512a1620afc3c88a114e825d;p=platform%2Fkernel%2Flinux-rpi.git staging: rtl8188eu: fix potential leak in rtw_wx_read32() Function rtw_wx_read32() dynamically allocates a temporary buffer that is not freed in all error paths. Use a centralized exit path and make sure that all memory is freed correctly. Detected by Coverity - CID 1077711. Signed-off-by: Christian Engelmayer Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c index cf30a08..45b47e2 100644 --- a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c +++ b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c @@ -2154,6 +2154,7 @@ static int rtw_wx_read32(struct net_device *dev, u32 bytes; u8 *ptmp; int rv; + int ret = 0; padapter = (struct adapter *)rtw_netdev_priv(dev); p = &wrqu->data; @@ -2163,16 +2164,16 @@ static int rtw_wx_read32(struct net_device *dev, return -ENOMEM; if (copy_from_user(ptmp, p->pointer, len)) { - kfree(ptmp); - return -EFAULT; + ret = -EFAULT; + goto exit; } bytes = 0; addr = 0; rv = sscanf(ptmp, "%d,%x", &bytes, &addr); if (rv != 2) { - kfree(ptmp); - return -EINVAL; + ret = -EINVAL; + goto exit; } switch (bytes) { @@ -2190,12 +2191,14 @@ static int rtw_wx_read32(struct net_device *dev, break; default: DBG_88E(KERN_INFO "%s: usage> read [bytes],[address(hex)]\n", __func__); - return -EINVAL; + ret = -EINVAL; + goto exit; } DBG_88E(KERN_INFO "%s: addr = 0x%08X data =%s\n", __func__, addr, extra); +exit: kfree(ptmp); - return 0; + return ret; } static int rtw_wx_write32(struct net_device *dev,