From: Jesper Juhl Date: Fri, 27 Jan 2012 23:23:41 +0000 (+0100) Subject: [SCSI] bfa: don't leak mem in bfad_im_bsg_els_ct_request() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=64b8aa75bc101eb73e2c76a66fb5432b4c83ffb2;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git [SCSI] bfa: don't leak mem in bfad_im_bsg_els_ct_request() If 'drv_fcxp = kzalloc(sizeof(struct bfad_fcxp), GFP_KERNEL);' fails and returns NULL, then we'll leak the memory allocated to 'bsg_fcpt' when we jump to 'out:' and the variable subsequently goes out of scope. Also remove the cast of the kzalloc() return value. kzalloc() returns a void* which is implicitly converted, so the explicit cast is pointless. Signed-off-by: Jesper Juhl Acked-by: Krishna Gudipati Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/bfa/bfad_bsg.c b/drivers/scsi/bfa/bfad_bsg.c index 530de2b1200a..8005c6c5a080 100644 --- a/drivers/scsi/bfa/bfad_bsg.c +++ b/drivers/scsi/bfa/bfad_bsg.c @@ -3047,8 +3047,7 @@ bfad_im_bsg_els_ct_request(struct fc_bsg_job *job) * Allocate buffer for bsg_fcpt and do a copy_from_user op for payload * buffer of size bsg_data->payload_len */ - bsg_fcpt = (struct bfa_bsg_fcpt_s *) - kzalloc(bsg_data->payload_len, GFP_KERNEL); + bsg_fcpt = kzalloc(bsg_data->payload_len, GFP_KERNEL); if (!bsg_fcpt) goto out; @@ -3060,6 +3059,7 @@ bfad_im_bsg_els_ct_request(struct fc_bsg_job *job) drv_fcxp = kzalloc(sizeof(struct bfad_fcxp), GFP_KERNEL); if (drv_fcxp == NULL) { + kfree(bsg_fcpt); rc = -ENOMEM; goto out; }