Эх сурвалжийг харах

qcacld-3.0: Fix memory leak for mlm_set_keys_req

mlm_set_keys_req may leak if return in some fail case or
there is no WMA_SET_STAKEY_RSP.

Change-Id: Ib89709a6656cfcff18341257e116861774489c8c
CRs-Fixed: 2166374
Jingxiang Ge 7 жил өмнө
parent
commit
4168a2387c

+ 5 - 1
core/mac/src/pe/lim/lim_process_mlm_req_messages.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011-2017 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2018 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -1926,6 +1926,10 @@ lim_process_mlm_set_keys_req(tpAniSirGlobal mac_ctx, uint32_t *msg_buf)
 	}
 
 	mlm_set_keys_req = (tLimMlmSetKeysReq *) msg_buf;
+	if (mac_ctx->lim.gpLimMlmSetKeysReq != NULL) {
+		qdf_mem_free(mac_ctx->lim.gpLimMlmSetKeysReq);
+		mac_ctx->lim.gpLimMlmSetKeysReq = NULL;
+	}
 	/* Hold onto the SetKeys request parameters */
 	mac_ctx->lim.gpLimMlmSetKeysReq = (void *)mlm_set_keys_req;
 	session = pe_find_session_by_session_id(mac_ctx,

+ 2 - 1
core/mac/src/pe/lim/lim_process_sme_req_messages.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2017 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -2924,6 +2924,7 @@ __lim_process_sme_set_context_req(tpAniSirGlobal mac_ctx, uint32_t *msg_buf)
 		if (mlm_set_key_req->numKeys >
 				SIR_MAC_MAX_NUM_OF_DEFAULT_KEYS) {
 			pe_err("no.of keys exceeded max num of default keys limit");
+			qdf_mem_free(mlm_set_key_req);
 			goto end;
 		}
 		qdf_copy_macaddr(&mlm_set_key_req->peer_macaddr,

+ 9 - 6
core/mac/src/pe/lim/lim_security_utils.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2017 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2013-2018 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -901,7 +901,7 @@ void lim_send_set_sta_key_req(tpAniSirGlobal pMac,
 	pSetStaKeyParams = qdf_mem_malloc(sizeof(tSetStaKeyParams));
 	if (NULL == pSetStaKeyParams) {
 		pe_err("Unable to allocate memory during SET_BSSKEY");
-		return;
+		goto fail;
 	}
 
 	/* Update the WMA_SET_STAKEY_REQ parameters */
@@ -990,8 +990,7 @@ void lim_send_set_sta_key_req(tpAniSirGlobal pMac,
 					SIR_MAC_MAX_NUM_OF_DEFAULT_KEYS;
 			} else {
 				pe_err("Wrong Key Index %d", defWEPIdx);
-				qdf_mem_free(pSetStaKeyParams);
-				return;
+				goto free_sta_key;
 			}
 		}
 		break;
@@ -1024,11 +1023,15 @@ void lim_send_set_sta_key_req(tpAniSirGlobal pMac,
 	if (eSIR_SUCCESS != retCode) {
 		pe_err("Posting SET_STAKEY to HAL failed, reason=%X",
 			retCode);
-		/* Respond to SME with LIM_MLM_SETKEYS_CNF */
-		mlmSetKeysCnf.resultCode = eSIR_SME_HAL_SEND_MESSAGE_FAIL;
+		goto free_sta_key;
 	} else
 		return;         /* Continue after WMA_SET_STAKEY_RSP... */
 
+free_sta_key:
+	qdf_mem_free(pSetStaKeyParams);
+fail:
+	/* Respond to SME with LIM_MLM_SETKEYS_CNF */
+	mlmSetKeysCnf.resultCode = eSIR_SME_HAL_SEND_MESSAGE_FAIL;
 	if (sendRsp == true)
 		lim_post_sme_set_keys_cnf(pMac, pMlmSetKeysReq, &mlmSetKeysCnf);
 }