mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2025-01-03 19:02:34 +01:00

ap: Fix cleanup on ap_parse_new_station_ies errors

Andrew Zaborowski 2021-01-30 00:27:37 +01:00 committed by Denis Kenzior
parent af93217701
commit 065f19b479


@ -2208,14 +2208,15 @@ static bool ap_parse_new_station_ies(const void *data, uint16_t len,
while (ie_tlv_iter_next(&iter)) { while (ie_tlv_iter_next(&iter)) {
switch (ie_tlv_iter_get_tag(&iter)) { switch (ie_tlv_iter_get_tag(&iter)) {
case IE_TYPE_RSN: case IE_TYPE_RSN:
if (ie_parse_rsne(&iter, NULL) < 0) if (rsn || ie_parse_rsne(&iter, NULL) < 0)
goto parse_error; goto parse_error;
rsn = l_memdup(ie_tlv_iter_get_data(&iter) - 2, rsn = l_memdup(ie_tlv_iter_get_data(&iter) - 2,
ie_tlv_iter_get_length(&iter) + 2); ie_tlv_iter_get_length(&iter) + 2);
break; break;
case IE_TYPE_EXTENDED_SUPPORTED_RATES: case IE_TYPE_EXTENDED_SUPPORTED_RATES:
if (ap_parse_supported_rates(&iter, &rates) < 0) if (rates || ap_parse_supported_rates(&iter, &rates) <
0)
goto parse_error; goto parse_error;
break; break;
@ -2254,13 +2255,16 @@ static void ap_handle_new_station(struct ap_state *ap, struct l_genl_msg *msg)
while (l_genl_attr_next(&attr, &type, &len, &data)) { while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) { switch (type) {
case NL80211_ATTR_IE: case NL80211_ATTR_IE:
if (assoc_rsne || rates)
goto cleanup;
if (!ap_parse_new_station_ies(data, len, &assoc_rsne, if (!ap_parse_new_station_ies(data, len, &assoc_rsne,
&rates)) &rates))
return; return;
break; break;
case NL80211_ATTR_MAC: case NL80211_ATTR_MAC:
if (len != 6) if (len != 6)
return; goto cleanup;
memcpy(mac, data, 6); memcpy(mac, data, 6);
break; break;
@ -2268,18 +2272,15 @@ static void ap_handle_new_station(struct ap_state *ap, struct l_genl_msg *msg)
} }
if (!assoc_rsne || !rates) if (!assoc_rsne || !rates)
return; goto cleanup;
/* /*
* Softmac's should already have a station created. The above check * Softmac's should already have a station created. The above check
* may also fail for softmac cards. * may also fail for softmac cards.
*/ */
sta = l_queue_find(ap->sta_states, ap_sta_match_addr, mac); sta = l_queue_find(ap->sta_states, ap_sta_match_addr, mac);
if (sta) { if (sta)
l_free(assoc_rsne); goto cleanup;
l_uintset_free(rates);
return;
}
sta = l_new(struct sta_state, 1); sta = l_new(struct sta_state, 1);
memcpy(sta->addr, mac, 6); memcpy(sta->addr, mac, 6);
@ -2304,6 +2305,12 @@ static void ap_handle_new_station(struct ap_state *ap, struct l_genl_msg *msg)
l_error("Issuing SET_STATION failed"); l_error("Issuing SET_STATION failed");
ap_del_station(sta, MMPDU_REASON_CODE_UNSPECIFIED, true); ap_del_station(sta, MMPDU_REASON_CODE_UNSPECIFIED, true);
} }
return;
cleanup:
l_free(assoc_rsne);
l_uintset_free(rates);
} }
static void ap_handle_del_station(struct ap_state *ap, struct l_genl_msg *msg) static void ap_handle_del_station(struct ap_state *ap, struct l_genl_msg *msg)
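Review bot: The `return;` that remains in the `NL80211_ATTR_IE` case after a failed `ap_parse_new_station_ies()` call is now the only early exit in `ap_handle_new_station()` that bypasses the new `cleanup:` label. It is leak-free only if the parser frees its own allocations and leaves `assoc_rsne` and `rates` unset on failure, and that depends on its `parse_error` path, which is outside the visible hunks. These IEs presumably come from the peer's association frame, so I would make the exit uniform with `goto cleanup;`. Both pointers are NULL at that point because of the guard just above, and the label is already reached with a NULL pointer from the `!assoc_rsne || !rates` check. Failing that, a comment such as `/* on failure the parser has freed its allocations and left the outputs unset */` would record the contract. The bodies of both functions start outside the hunks shown.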