rsi: Fix a potential memory leak in rsi_set_channel()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Fix a potential memory leak in function rsi_set_channel() that is used to
program channel changes. The channel check block for the frequency bands
directly exits the function in case of an error, thus leaving an already
allocated skb unreferenced. Move the checks above allocating the skb.
Detected by Coverity: CID 1195576.

Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

authored by

Christian Engelmayer and committed by

John W. Linville 12 years ago 98ddcbe0 af64dc74

+10 -10

1 changed file

expand all

drivers

net

wireless

rsi

rsi_91x_mgmt.c

+10 -10

drivers/net/wireless/rsi/rsi_91x_mgmt.c

··· 841 841 rsi_dbg(MGMT_TX_ZONE, 842 842 "%s: Sending scan req frame\n", __func__); 843 843 844 - skb = dev_alloc_skb(FRAME_DESC_SZ); 845 - if (!skb) { 846 - rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n", 847 - __func__); 848 - return -ENOMEM; 849 - } 850 - 851 - memset(skb->data, 0, FRAME_DESC_SZ); 852 - mgmt_frame = (struct rsi_mac_frame *)skb->data; 853 - 854 844 if (common->band == IEEE80211_BAND_5GHZ) { 855 845 if ((channel >= 36) && (channel <= 64)) 856 846 channel = ((channel - 32) / 4); ··· 857 867 return -EINVAL; 858 868 } 859 869 } 870 + 871 + skb = dev_alloc_skb(FRAME_DESC_SZ); 872 + if (!skb) { 873 + rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n", 874 + __func__); 875 + return -ENOMEM; 876 + } 877 + 878 + memset(skb->data, 0, FRAME_DESC_SZ); 879 + mgmt_frame = (struct rsi_mac_frame *)skb->data; 860 880 861 881 mgmt_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12); 862 882 mgmt_frame->desc_word[1] = cpu_to_le16(SCAN_REQUEST);