cfg80211: Fix memory leak
authorLarry Finger <Larry.Finger@lwfinger.net>
Mon, 4 Feb 2013 21:33:44 +0000 (15:33 -0600)
committerJohannes Berg <johannes.berg@intel.com>
Mon, 11 Feb 2013 17:44:41 +0000 (18:44 +0100)
When a driver requests a specific regulatory domain after cfg80211 already
has one, a struct ieee80211_regdomain is leaked.

Reported-by: Larry Finger <Larry.Finger@lwfinger.net>
Tested-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/wireless/reg.c

index 6ea626b30a2ac4dbad10901a3b2c370eb002f103..08d3da2c70aba8fe0c4bab9ae4eec366cdda7235 100644 (file)
@@ -2189,10 +2189,15 @@ static int __set_regdom(const struct ieee80211_regdomain *rd)
                 * However if a driver requested this specific regulatory
                 * domain we keep it for its private use
                 */
-               if (lr->initiator == NL80211_REGDOM_SET_BY_DRIVER)
+               if (lr->initiator == NL80211_REGDOM_SET_BY_DRIVER) {
+                       const struct ieee80211_regdomain *tmp;
+
+                       tmp = get_wiphy_regdom(request_wiphy);
                        rcu_assign_pointer(request_wiphy->regd, rd);
-               else
+                       rcu_free_regdom(tmp);
+               } else {
                        kfree(rd);
+               }
 
                rd = NULL;