Commit c60a9607 authored by Christian Engelmayer's avatar Christian Engelmayer Committed by Greg Kroah-Hartman
Browse files

staging: rtl8188eu: fix potential leak in update_bcn_wps_ie() 



Fix a potential leak in the error path of function update_bcn_wps_ie().
Move the affected input verification to the beginning of the function so
that it may return directly without leaking already allocated memory.
Detected by Coverity - CID 1077718.

Signed-off-by: default avatarChristian Engelmayer <cengelma@gmx.at>
Acked-by: default avatarJes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent e0e2c5cd

drivers/staging/rtl8188eu/core/rtw_ap.c

+4 −4
Original line number Diff line number Diff line
@@ -1306,6 +1306,10 @@ static void update_bcn_wps_ie(struct adapter *padapter) 


	DBG_88E("%s\n", __func__);



	pwps_ie_src = pmlmepriv->wps_beacon_ie;

	if (pwps_ie_src == NULL)

		return;



	pwps_ie = rtw_get_wps_ie(ie+_FIXED_IE_LENGTH_, ielen-_FIXED_IE_LENGTH_, NULL, &wps_ielen);



	if (pwps_ie == NULL || wps_ielen == 0)
@@ -1323,10 +1327,6 @@ static void update_bcn_wps_ie(struct adapter *padapter) 
			memcpy(pbackup_remainder_ie, premainder_ie, remainder_ielen);

	}



	pwps_ie_src = pmlmepriv->wps_beacon_ie;

	if (pwps_ie_src == NULL)

		return;



	wps_ielen = (uint)pwps_ie_src[1];/* to get ie data len */

	if ((wps_offset+wps_ielen+2+remainder_ielen) <= MAX_IE_SZ) {

		memcpy(pwps_ie, pwps_ie_src, wps_ielen+2);

CRA Git | Maintained and supported by SUSTech CRA and CCSE