Commit 19f798ad authored by Krzysztof Wilczynski's avatar Krzysztof Wilczynski Committed by Greg Kroah-Hartman

staging: wlan-ng: Release struct returned by cfg80211_inform_bss to avoid potential memory leak.

Function cfg80211_inform_bss returns a pointer to a referenced struct cfg80211_bss
but no information is needed from this struct in function prism2_scan and therefore
we release it by calling cfg80211_put_bss.
Signed-off-by: default avatarKrzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 89f5e710
...@@ -332,6 +332,7 @@ int prism2_scan(struct wiphy *wiphy, struct net_device *dev, ...@@ -332,6 +332,7 @@ int prism2_scan(struct wiphy *wiphy, struct net_device *dev,
wlandevice_t *wlandev = dev->ml_priv; wlandevice_t *wlandev = dev->ml_priv;
struct p80211msg_dot11req_scan msg1; struct p80211msg_dot11req_scan msg1;
struct p80211msg_dot11req_scan_results msg2; struct p80211msg_dot11req_scan_results msg2;
struct cfg80211_bss *bss;
int result; int result;
int err = 0; int err = 0;
int numbss = 0; int numbss = 0;
...@@ -401,7 +402,7 @@ int prism2_scan(struct wiphy *wiphy, struct net_device *dev, ...@@ -401,7 +402,7 @@ int prism2_scan(struct wiphy *wiphy, struct net_device *dev,
ie_buf[1] = msg2.ssid.data.len; ie_buf[1] = msg2.ssid.data.len;
ie_len = ie_buf[1] + 2; ie_len = ie_buf[1] + 2;
memcpy(&ie_buf[2], &(msg2.ssid.data.data), msg2.ssid.data.len); memcpy(&ie_buf[2], &(msg2.ssid.data.data), msg2.ssid.data.len);
cfg80211_inform_bss(wiphy, bss = cfg80211_inform_bss(wiphy,
ieee80211_get_channel(wiphy, ieee80211_dsss_chan_to_freq(msg2.dschannel.data)), ieee80211_get_channel(wiphy, ieee80211_dsss_chan_to_freq(msg2.dschannel.data)),
(const u8 *) &(msg2.bssid.data.data), (const u8 *) &(msg2.bssid.data.data),
msg2.timestamp.data, msg2.capinfo.data, msg2.timestamp.data, msg2.capinfo.data,
...@@ -411,6 +412,13 @@ int prism2_scan(struct wiphy *wiphy, struct net_device *dev, ...@@ -411,6 +412,13 @@ int prism2_scan(struct wiphy *wiphy, struct net_device *dev,
(msg2.signal.data - 65536) * 100, /* Conversion to signed type */ (msg2.signal.data - 65536) * 100, /* Conversion to signed type */
GFP_KERNEL GFP_KERNEL
); );
if (!bss) {
err = -ENOMEM;
goto exit;
}
cfg80211_put_bss(bss);
} }
if (result) if (result)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment