staging: wilc1000: avoid 'NULL' pointer access in wilc_network_info_received()

Added 'NULL' check before accessing the allocated memory. Free up the memory incase of failure to enqueue the command. Used kmemdup instead of kmalloc & memcpy. Signed-off-by: Ajay Singh <ajay.kathat@microchip.com> Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

staging: wilc1000: avoid 'NULL' pointer access in wilc_network_info_received()
Added 'NULL' check before accessing the allocated memory. Free up the memory incase of failure to enqueue the command. Used kmemdup instead of kmalloc & memcpy. Signed-off-by: Ajay Singh <ajay.kathat@microchip.com> Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
25b95133 · Ajay Singh · Greg Kroah-Hartman · 56294f87 · 25b95133
Commit 25b95133 authored Mar 26, 2018 by Ajay Singh Committed by Greg Kroah-Hartman Mar 28, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 3 deletions

drivers/staging/wilc1000/host_interface.c drivers/staging/wilc1000/host_interface.c +6 -3

No files found.
--- a/drivers/staging/wilc1000/host_interface.c
+++ b/drivers/staging/wilc1000/host_interface.c
@@ -3465,12 +3465,15 @@ void wilc_network_info_received(struct wilc *wilc, u8 *buffer, u32 length)
 	msg.vif = vif;

 	msg.body.net_info.len = length;
-	msg.body.net_info.buffer = kmalloc(length, GFP_KERNEL);
-	memcpy(msg.body.net_info.buffer, buffer, length);
+	msg.body.net_info.buffer = kmemdup(buffer, length, GFP_KERNEL);
+	if (!msg.body.net_info.buffer)
+		return;

 	result = wilc_enqueue_cmd(&msg);
-	if (result)
+	if (result) {
 		netdev_err(vif->ndev, "message parameters (%d)\n", result);
+		kfree(msg.body.net_info.buffer);
+	}
 }

 void wilc_gnrl_async_info_received(struct wilc *wilc, u8 *buffer, u32 length)