summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Kilroy <kilroyd@googlemail.com>2009-08-19 01:43:31 +0200
committerJohn W. Linville <linville@tuxdriver.com>2009-08-20 17:36:06 +0200
commit415ad1efae1d5fe00d739e612d262eabda90f5e8 (patch)
tree285f400386932f691849b3c0114c322b64214a88
parentar9170: refactor configure_filter (diff)
downloadlinux-415ad1efae1d5fe00d739e612d262eabda90f5e8.tar.xz
linux-415ad1efae1d5fe00d739e612d262eabda90f5e8.zip
cfg80211: fix leaks of wdev->conn->ie
This only occurs in the following error situations: - driver calls connect_result with failure - error scheduling authentication on connect - error initiating scan (to get BSSID and channel) on connect - userspace calls disconnect while in the SCANNING or SCAN_AGAIN states Signed-off-by: David Kilroy <kilroyd@googlemail.com> Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r--net/wireless/sme.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 6fb6a704ca40..9ddc00e3c239 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -395,6 +395,8 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
if (status != WLAN_STATUS_SUCCESS) {
wdev->sme_state = CFG80211_SME_IDLE;
+ if (wdev->conn)
+ kfree(wdev->conn->ie);
kfree(wdev->conn);
wdev->conn = NULL;
kfree(wdev->connect_keys);
@@ -779,6 +781,7 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev,
}
}
if (err) {
+ kfree(wdev->conn->ie);
kfree(wdev->conn);
wdev->conn = NULL;
wdev->sme_state = CFG80211_SME_IDLE;
@@ -848,6 +851,7 @@ int __cfg80211_disconnect(struct cfg80211_registered_device *rdev,
(wdev->conn->state == CFG80211_CONN_SCANNING ||
wdev->conn->state == CFG80211_CONN_SCAN_AGAIN)) {
wdev->sme_state = CFG80211_SME_IDLE;
+ kfree(wdev->conn->ie);
kfree(wdev->conn);
wdev->conn = NULL;
wdev->ssid_len = 0;