From: Kevin McKinney Date: Fri, 2 Mar 2012 05:17:04 +0000 (-0500) Subject: Staging: bcm: fix possible memory leak of 'pstAddIndication' in CmHost.c and removes... X-Git-Tag: MMI-PSA29.97-13-9~17268^2~79 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=cc55bb03ea17fcbeffb5ae3ec68ea1f8673bc0c8;p=GitHub%2FMotorolaMobilityLLC%2Fkernel-slsi.git Staging: bcm: fix possible memory leak of 'pstAddIndication' in CmHost.c and removes a whitespace Memory is being allocated by kmalloc and stored in variable pstAddIndication. However, this memory is not being freed in all cases. Therefore, this patch frees it on several exit paths. This patch also removes a whitespace. Signed-off-by: Kevin McKinney Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/bcm/CmHost.c b/drivers/staging/bcm/CmHost.c index e332f1e7c11e..7e38af5e1765 100644 --- a/drivers/staging/bcm/CmHost.c +++ b/drivers/staging/bcm/CmHost.c @@ -1399,12 +1399,16 @@ ULONG StoreCmControlResponseMessage(PMINI_ADAPTER Adapter, PVOID pvBuffer, UINT /* AUTHORIZED SET */ pstAddIndication->psfAuthorizedSet = (stServiceFlowParamSI *) GetNextTargetBufferLocation(Adapter, pstAddIndicationAlt->u16TID); - if (!pstAddIndication->psfAuthorizedSet) + if (!pstAddIndication->psfAuthorizedSet) { + kfree(pstAddIndication); return 0; + } if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfAuthorizedSet, - (ULONG)pstAddIndication->psfAuthorizedSet) != 1) + (ULONG)pstAddIndication->psfAuthorizedSet) != 1) { + kfree(pstAddIndication); return 0; + } /* this can't possibly be right */ pstAddIndication->psfAuthorizedSet = (stServiceFlowParamSI *)ntohl((ULONG)pstAddIndication->psfAuthorizedSet); @@ -1420,6 +1424,7 @@ ULONG StoreCmControlResponseMessage(PMINI_ADAPTER Adapter, PVOID pvBuffer, UINT AddRequest.psfParameterSet = pstAddIndication->psfAuthorizedSet; (*puBufferLength) = sizeof(stLocalSFAddRequest); memcpy(pvBuffer, &AddRequest, sizeof(stLocalSFAddRequest)); + kfree(pstAddIndication); return 1; } @@ -1436,20 +1441,28 @@ ULONG StoreCmControlResponseMessage(PMINI_ADAPTER Adapter, PVOID pvBuffer, UINT /* ADMITTED SET */ pstAddIndication->psfAdmittedSet = (stServiceFlowParamSI *) GetNextTargetBufferLocation(Adapter, pstAddIndicationAlt->u16TID); - if (!pstAddIndication->psfAdmittedSet) + if (!pstAddIndication->psfAdmittedSet) { + kfree(pstAddIndication); return 0; - if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfAdmittedSet, (ULONG)pstAddIndication->psfAdmittedSet) != 1) + } + if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfAdmittedSet, (ULONG)pstAddIndication->psfAdmittedSet) != 1) { + kfree(pstAddIndication); return 0; + } pstAddIndication->psfAdmittedSet = (stServiceFlowParamSI *)ntohl((ULONG)pstAddIndication->psfAdmittedSet); /* ACTIVE SET */ pstAddIndication->psfActiveSet = (stServiceFlowParamSI *) GetNextTargetBufferLocation(Adapter, pstAddIndicationAlt->u16TID); - if (!pstAddIndication->psfActiveSet) + if (!pstAddIndication->psfActiveSet) { + kfree(pstAddIndication); return 0; - if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfActiveSet, (ULONG)pstAddIndication->psfActiveSet) != 1) + } + if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfActiveSet, (ULONG)pstAddIndication->psfActiveSet) != 1) { + kfree(pstAddIndication); return 0; + } pstAddIndication->psfActiveSet = (stServiceFlowParamSI *)ntohl((ULONG)pstAddIndication->psfActiveSet); @@ -1844,7 +1857,7 @@ BOOLEAN CmControlResponseMessage(PMINI_ADAPTER Adapter, /* PackInfo[uiSearchRuleIndex].bActive = FALSE; Adapter->PackInfo[uiSearchRuleIndex].bValid = FALSE; Adapter->PackInfo[uiSearchRuleIndex].usVCID_Value = 0; - kfree(pstAddIndication); + kfree(pstAddIndication); } else if (psfLocalSet->bValid && (pstChangeIndication->u8CC == 0)) { Adapter->PackInfo[uiSearchRuleIndex].usVCID_Value = ntohs(pstChangeIndication->u16VCID); BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "CC field is %d bvalid = %d\n",