Commit 086f7a4d authored by Christian Engelmayer's avatar Christian Engelmayer Committed by Greg Kroah-Hartman

staging: rtl8723au: fix potential leak in update_bcn_wps_ie()

Fix a potential leak in the error path of function update_bcn_wps_ie().
Move the affected input verification to the beginning of the function so
that it may return directly without leaking already allocated memory.
Detected by Coverity - CID 1077718.
Signed-off-by: default avatarChristian Engelmayer <cengelma@gmx.at>
Signed-off-by: default avatarJes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 6e8bc71d
......@@ -1252,6 +1252,10 @@ static void update_bcn_wps_ie(struct rtw_adapter *padapter)
DBG_8723A("%s\n", __func__);
pwps_ie_src = pmlmepriv->wps_beacon_ie;
if (pwps_ie_src == NULL)
return;
pwps_ie = rtw_get_wps_ie23a(ie+_FIXED_IE_LENGTH_, ielen-_FIXED_IE_LENGTH_, NULL, &wps_ielen);
if (pwps_ie == NULL || wps_ielen == 0)
......@@ -1270,10 +1274,6 @@ static void update_bcn_wps_ie(struct rtw_adapter *padapter)
remainder_ielen);
}
pwps_ie_src = pmlmepriv->wps_beacon_ie;
if (pwps_ie_src == NULL)
return;
wps_ielen = (uint)pwps_ie_src[1];/* to get ie data len */
if ((wps_offset+wps_ielen+2+remainder_ielen)<= MAX_IE_SZ)
{
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment