staging: rtl8712: fix potential memory leak

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In r8712_init_drv_sw(), whenever any function call returns error, it is
returned immediately without properly cleaning up the other successfully
executed functions. This can cause memory leak.

Instead of return immediately, free all the allocated buffers first.

Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com>
Signed-off-by: Nam Cao <namcaov@gmail.com>
Link: https://lore.kernel.org/r/0a3414b12031f6cdcba81a8725e91eb9567ff34f.1666688642.git.namcaov@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Nam Cao and committed by

Greg Kroah-Hartman 3 years ago 336ccc31 24244343

+18 -5

1 changed file

expand all

drivers

staging

rtl8712

os_intfs.c

+18 -5

drivers/staging/rtl8712/os_intfs.c

··· 304 304 padapter->cmdpriv.padapter = padapter; 305 305 ret = r8712_init_evt_priv(&padapter->evtpriv); 306 306 if (ret) 307 - return ret; 307 + goto free_cmd; 308 308 ret = r8712_init_mlme_priv(padapter); 309 309 if (ret) 310 - return ret; 310 + goto free_evt; 311 311 ret = _r8712_init_xmit_priv(&padapter->xmitpriv, padapter); 312 312 if (ret) 313 - return ret; 313 + goto free_mlme; 314 314 ret = _r8712_init_recv_priv(&padapter->recvpriv, padapter); 315 315 if (ret) 316 - return ret; 316 + goto free_xmit; 317 317 memset((unsigned char *)&padapter->securitypriv, 0, 318 318 sizeof(struct security_priv)); 319 319 timer_setup(&padapter->securitypriv.tkip_timer, 320 320 r8712_use_tkipkey_handler, 0); 321 321 ret = _r8712_init_sta_priv(&padapter->stapriv); 322 322 if (ret) 323 - return ret; 323 + goto free_recv; 324 324 padapter->stapriv.padapter = padapter; 325 325 r8712_init_bcmc_stainfo(padapter); 326 326 r8712_init_pwrctrl_priv(padapter); 327 327 mp871xinit(padapter); 328 328 init_default_value(padapter); 329 329 r8712_InitSwLeds(padapter); 330 + 331 + return 0; 332 + 333 + free_recv: 334 + _r8712_free_recv_priv(&padapter->recvpriv); 335 + free_xmit: 336 + _free_xmit_priv(&padapter->xmitpriv); 337 + free_mlme: 338 + r8712_free_mlme_priv(&padapter->mlmepriv); 339 + free_evt: 340 + r8712_free_evt_priv(&padapter->evtpriv); 341 + free_cmd: 342 + r8712_free_cmd_priv(&padapter->cmdpriv); 330 343 return ret; 331 344 } 332 345