staging: wlan-ng: Release struct returned by cfg80211_inform_bss to avoid potential...
authorKrzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Tue, 24 Apr 2012 14:00:34 +0000 (15:00 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 24 Apr 2012 18:28:25 +0000 (11:28 -0700)
Function cfg80211_inform_bss returns a pointer to a referenced struct cfg80211_bss
but no information is needed from this struct in function prism2_scan and therefore
we release it by calling cfg80211_put_bss.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/wlan-ng/cfg80211.c

index 4cd3ba5d564603e6e2266501c757f486a0bfb326..8bc562b8c4d91086a7e44a7b066f7ca19df4d009 100644 (file)
@@ -332,6 +332,7 @@ int prism2_scan(struct wiphy *wiphy, struct net_device *dev,
        wlandevice_t *wlandev = dev->ml_priv;
        struct p80211msg_dot11req_scan msg1;
        struct p80211msg_dot11req_scan_results msg2;
+       struct cfg80211_bss *bss;
        int result;
        int err = 0;
        int numbss = 0;
@@ -401,7 +402,7 @@ int prism2_scan(struct wiphy *wiphy, struct net_device *dev,
                ie_buf[1] = msg2.ssid.data.len;
                ie_len = ie_buf[1] + 2;
                memcpy(&ie_buf[2], &(msg2.ssid.data.data), msg2.ssid.data.len);
-               cfg80211_inform_bss(wiphy,
+               bss = cfg80211_inform_bss(wiphy,
                        ieee80211_get_channel(wiphy, ieee80211_dsss_chan_to_freq(msg2.dschannel.data)),
                        (const u8 *) &(msg2.bssid.data.data),
                        msg2.timestamp.data, msg2.capinfo.data,
@@ -411,6 +412,13 @@ int prism2_scan(struct wiphy *wiphy, struct net_device *dev,
                        (msg2.signal.data - 65536) * 100, /* Conversion to signed type */
                        GFP_KERNEL
                );
+
+               if (!bss) {
+                       err = -ENOMEM;
+                       goto exit;
+               }
+
+               cfg80211_put_bss(bss);
        }
 
        if (result)