staging: rtl8712: fix potential leaks in r8712_set_key()

Fix potential leaks in the error paths of r8712_set_key(). In case the algorithm specific checks fail, the function returns without enqueuing or freeing the already allocated command and parameter structs. Use a centralized exit path and make sure that all memory is freed correctly. Detected by Coverity - CID 144370, 144371. Signed-off-by: Christian Engelmayer <cengelma@gmx.at> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

staging: rtl8712: fix potential leaks in r8712_set_key()
Fix potential leaks in the error paths of r8712_set_key(). In case the algorithm specific checks fail, the function returns without enqueuing or freeing the already allocated command and parameter structs. Use a centralized exit path and make sure that all memory is freed correctly. Detected by Coverity - CID 144370, 144371. Signed-off-by: Christian Engelmayer <cengelma@gmx.at> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2af9e74a · Christian Engelmayer · Greg Kroah-Hartman · 55d4f6cc · 2af9e74a
Commit 2af9e74a authored May 07, 2014 by Christian Engelmayer Committed by Greg Kroah-Hartman May 24, 2014
Show whitespace changes
Inline Side-by-side

Showing with 20 additions and 8 deletions

drivers/staging/rtl8712/rtl871x_mlme.c drivers/staging/rtl8712/rtl871x_mlme.c +20 -8

No files found.
--- a/drivers/staging/rtl8712/rtl871x_mlme.c
+++ b/drivers/staging/rtl8712/rtl871x_mlme.c
@@ -1243,14 +1243,15 @@ sint r8712_set_key(struct _adapter *adapter,
 	struct cmd_obj *pcmd;
 	struct setkey_parm *psetkeyparm;
 	u8 keylen;
+	sint ret = _SUCCESS;
 	pcmd = (struct cmd_obj *)_malloc(sizeof(struct cmd_obj));
 	if (pcmd == NULL)
 		return _FAIL;
 	psetkeyparm = (struct setkey_parm *)_malloc(sizeof(struct setkey_parm));
 	if (psetkeyparm == NULL) {
-		kfree((unsigned char *)pcmd);
+		ret = _FAIL;
-		return _FAIL;
+		goto err_free_cmd;
 	}
 	memset(psetkeyparm, 0, sizeof(struct setkey_parm));
 	if (psecuritypriv->AuthAlgrthm == 2) { /* 802.1X */
@@ -1274,23 +1275,28 @@ sint r8712_set_key(struct _adapter *adapter,
 			psecuritypriv->DefKey[keyid].skey, keylen);
 		break;
 	case _TKIP_:
-		if (keyid < 1 || keyid > 2)
+		if (keyid < 1 || keyid > 2) {
-			return _FAIL;
+			ret = _FAIL;
+			goto err_free_parm;
+		}
 		keylen = 16;
 		memcpy(psetkeyparm->key,
 			&psecuritypriv->XGrpKey[keyid - 1], keylen);
 		psetkeyparm->grpkey = 1;
 		break;
 	case _AES_:
-		if (keyid < 1 || keyid > 2)
+		if (keyid < 1 || keyid > 2) {
-			return _FAIL;
+			ret = _FAIL;
+			goto err_free_parm;
+		}
 		keylen = 16;
 		memcpy(psetkeyparm->key,
 			&psecuritypriv->XGrpKey[keyid - 1], keylen);
 		psetkeyparm->grpkey = 1;
 		break;
 	default:
-		return _FAIL;
+		ret = _FAIL;
+		goto err_free_parm;
 	}
 	pcmd->cmdcode = _SetKey_CMD_;
 	pcmd->parmbuf = (u8 *)psetkeyparm;
@@ -1299,7 +1305,13 @@ sint r8712_set_key(struct _adapter *adapter,
 	pcmd->rspsz = 0;
 	_init_listhead(&pcmd->list);
 	r8712_enqueue_cmd(pcmdpriv, pcmd);
-	return _SUCCESS;
+	return ret;
+err_free_parm:
+	kfree(psetkeyparm);
+err_free_cmd:
+	kfree(pcmd);
+	return ret;
 }
 /* adjust IEs for r8712_joinbss_cmd in WMM */