From cd9ef8b077d9961166bb2c77d5691f534f1ca169 Mon Sep 17 00:00:00 2001 From: Kevin McKinney Date: Fri, 2 Mar 2012 00:17:04 -0500 Subject: [PATCH] Staging: bcm: fix possible memory leak of 'pstAddIndication' in CmHost.c and removes a whitespace Memory is being allocated by kmalloc and stored in variable pstAddIndication. However, this memory is not being freed in all cases. Therefore, this patch frees it on several exit paths. This patch also removes a whitespace. Signed-off-by: Kevin McKinney Signed-off-by: Greg Kroah-Hartman --- drivers/staging/bcm/CmHost.c | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/drivers/staging/bcm/CmHost.c b/drivers/staging/bcm/CmHost.c index e332f1e7c11e1..7e38af5e17657 100644 --- a/drivers/staging/bcm/CmHost.c +++ b/drivers/staging/bcm/CmHost.c @@ -1399,12 +1399,16 @@ ULONG StoreCmControlResponseMessage(PMINI_ADAPTER Adapter, PVOID pvBuffer, UINT /* AUTHORIZED SET */ pstAddIndication->psfAuthorizedSet = (stServiceFlowParamSI *) GetNextTargetBufferLocation(Adapter, pstAddIndicationAlt->u16TID); - if (!pstAddIndication->psfAuthorizedSet) + if (!pstAddIndication->psfAuthorizedSet) { + kfree(pstAddIndication); return 0; + } if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfAuthorizedSet, - (ULONG)pstAddIndication->psfAuthorizedSet) != 1) + (ULONG)pstAddIndication->psfAuthorizedSet) != 1) { + kfree(pstAddIndication); return 0; + } /* this can't possibly be right */ pstAddIndication->psfAuthorizedSet = (stServiceFlowParamSI *)ntohl((ULONG)pstAddIndication->psfAuthorizedSet); @@ -1420,6 +1424,7 @@ ULONG StoreCmControlResponseMessage(PMINI_ADAPTER Adapter, PVOID pvBuffer, UINT AddRequest.psfParameterSet = pstAddIndication->psfAuthorizedSet; (*puBufferLength) = sizeof(stLocalSFAddRequest); memcpy(pvBuffer, &AddRequest, sizeof(stLocalSFAddRequest)); + kfree(pstAddIndication); return 1; } @@ -1436,20 +1441,28 @@ ULONG StoreCmControlResponseMessage(PMINI_ADAPTER Adapter, PVOID pvBuffer, UINT /* ADMITTED SET */ pstAddIndication->psfAdmittedSet = (stServiceFlowParamSI *) GetNextTargetBufferLocation(Adapter, pstAddIndicationAlt->u16TID); - if (!pstAddIndication->psfAdmittedSet) + if (!pstAddIndication->psfAdmittedSet) { + kfree(pstAddIndication); return 0; - if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfAdmittedSet, (ULONG)pstAddIndication->psfAdmittedSet) != 1) + } + if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfAdmittedSet, (ULONG)pstAddIndication->psfAdmittedSet) != 1) { + kfree(pstAddIndication); return 0; + } pstAddIndication->psfAdmittedSet = (stServiceFlowParamSI *)ntohl((ULONG)pstAddIndication->psfAdmittedSet); /* ACTIVE SET */ pstAddIndication->psfActiveSet = (stServiceFlowParamSI *) GetNextTargetBufferLocation(Adapter, pstAddIndicationAlt->u16TID); - if (!pstAddIndication->psfActiveSet) + if (!pstAddIndication->psfActiveSet) { + kfree(pstAddIndication); return 0; - if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfActiveSet, (ULONG)pstAddIndication->psfActiveSet) != 1) + } + if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfActiveSet, (ULONG)pstAddIndication->psfActiveSet) != 1) { + kfree(pstAddIndication); return 0; + } pstAddIndication->psfActiveSet = (stServiceFlowParamSI *)ntohl((ULONG)pstAddIndication->psfActiveSet); @@ -1844,7 +1857,7 @@ BOOLEAN CmControlResponseMessage(PMINI_ADAPTER Adapter, /* PackInfo[uiSearchRuleIndex].bActive = FALSE; Adapter->PackInfo[uiSearchRuleIndex].bValid = FALSE; Adapter->PackInfo[uiSearchRuleIndex].usVCID_Value = 0; - kfree(pstAddIndication); + kfree(pstAddIndication); } else if (psfLocalSet->bValid && (pstChangeIndication->u8CC == 0)) { Adapter->PackInfo[uiSearchRuleIndex].usVCID_Value = ntohs(pstChangeIndication->u16VCID); BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "CC field is %d bvalid = %d\n", -- 2.39.5