mwifiex_set_wowlan_mef_entry attempts to free a passed-in pointer in
case of an error. The only caller (mwifiex_set_mef_filter) passes that
pointer as an offset into allocated memory, so any attempt to free that
will not be the actual allocated pointer.
Address this by changing mwifiex_set_wowlan_mef_entry to not do any
free, and to cause mwifiex_set_mef_filter to do the appropriate free if
the call to mwifiex_set_wowlan_mef_entry fails.
Coverity CID #
1295879
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Acked-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
MWIFIEX_MEF_MAX_BYTESEQ)) {
mwifiex_dbg(priv->adapter, ERROR,
"Pattern not supported\n");
- kfree(mef_entry);
return -EOPNOTSUPP;
}
mwifiex_set_auto_arp_mef_entry(priv, &mef_entry[0]);
- if (wowlan->n_patterns || wowlan->magic_pkt)
+ if (wowlan->n_patterns || wowlan->magic_pkt) {
ret = mwifiex_set_wowlan_mef_entry(priv, &mef_cfg,
&mef_entry[1], wowlan);
+ if (ret)
+ goto err;
+ }
if (!mef_cfg.criteria)
mef_cfg.criteria = MWIFIEX_CRITERIA_BROADCAST |
ret = mwifiex_send_cmd(priv, HostCmd_CMD_MEF_CFG,
HostCmd_ACT_GEN_SET, 0,
&mef_cfg, true);
+
+err:
kfree(mef_entry);
return ret;
}
projects / GitHub / LineageOS / G12 / android_kernel_amlogic_linux-4.9.git / commitdiff