Commit 5fd2f91a authored by Johannes Berg's avatar Johannes Berg

mac80211: fix possible sta leak

If TDLS station addition is rejected, the sta memory is leaked.
Avoid this by moving the check before the allocation.

Cc: stable@vger.kernel.org
Fixes: 7ed52853 ("mac80211: don't initiate TDLS connection if station is not associated to AP")
Link: https://lore.kernel.org/r/20190801073033.7892-1-johannes@sipsolutions.netSigned-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent a1c4cd67
...@@ -1546,6 +1546,11 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev, ...@@ -1546,6 +1546,11 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
if (is_multicast_ether_addr(mac)) if (is_multicast_ether_addr(mac))
return -EINVAL; return -EINVAL;
if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER) &&
sdata->vif.type == NL80211_IFTYPE_STATION &&
!sdata->u.mgd.associated)
return -EINVAL;
sta = sta_info_alloc(sdata, mac, GFP_KERNEL); sta = sta_info_alloc(sdata, mac, GFP_KERNEL);
if (!sta) if (!sta)
return -ENOMEM; return -ENOMEM;
...@@ -1553,10 +1558,6 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev, ...@@ -1553,10 +1558,6 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
sta->sta.tdls = true; sta->sta.tdls = true;
if (sta->sta.tdls && sdata->vif.type == NL80211_IFTYPE_STATION &&
!sdata->u.mgd.associated)
return -EINVAL;
err = sta_apply_parameters(local, sta, params); err = sta_apply_parameters(local, sta, params);
if (err) { if (err) {
sta_info_free(local, sta); sta_info_free(local, sta);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment