mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-23 06:02:37 +01:00
netdev: do not leak auth_cmd
Direct leak of 64 byte(s) in 1 object(s) allocated from: #0 0x7fa226fbf0f8 in __interceptor_malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/9.4.0/libasan.so.5+0x10c0f8) #1 0x688c98 in l_malloc ell/util.c:62 #2 0x6c2b19 in msg_alloc ell/genl.c:740 #3 0x6cb32c in l_genl_msg_new_sized ell/genl.c:1567 #4 0x424f57 in netdev_build_cmd_authenticate src/netdev.c:3285 #5 0x425b50 in netdev_sae_tx_authenticate src/netdev.c:3385
This commit is contained in:
parent
60366346fb
commit
7c30fc2cbf
17
src/netdev.c
17
src/netdev.c
@ -3393,6 +3393,18 @@ static void netdev_sae_tx_authenticate(const uint8_t *body,
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* Sometimes due to the way the scheduling works out, netdev_auth_cb
|
||||
* is sent after the SAE Authentication reply from the AP arrives.
|
||||
* Do not leak auth_cmd if this occurs. Note that if auth_cmd is not
|
||||
* NULL and we are here, there's no further reason to save off auth_cmd.
|
||||
* This is done only if the kernel's cache lacks the BSS we are trying
|
||||
* to communicate with.
|
||||
*/
|
||||
if (netdev->auth_cmd) {
|
||||
l_genl_msg_unref(netdev->auth_cmd);
|
||||
netdev->auth_cmd = NULL;
|
||||
} else
|
||||
netdev->auth_cmd = l_genl_msg_ref(msg);
|
||||
}
|
||||
|
||||
@ -3450,6 +3462,11 @@ static void netdev_fils_tx_authenticate(const uint8_t *body,
|
||||
return;
|
||||
}
|
||||
|
||||
/* See comment in netdev_sae_tx_authenticate */
|
||||
if (netdev->auth_cmd) {
|
||||
l_genl_msg_unref(netdev->auth_cmd);
|
||||
netdev->auth_cmd = NULL;
|
||||
} else
|
||||
netdev->auth_cmd = l_genl_msg_ref(msg);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user