Staging: bcm: fix possible memory leak of 'pstAddIndication' in CmHost.c and removes...
authorKevin McKinney <klmckinney1@gmail.com>
Fri, 2 Mar 2012 05:17:04 +0000 (00:17 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 3 Mar 2012 00:36:55 +0000 (16:36 -0800)
Memory is being allocated by kmalloc and stored in
variable pstAddIndication.  However, this memory is
not being freed in all cases. Therefore, this patch
frees it on several exit paths. This patch also
removes a whitespace.

Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/bcm/CmHost.c

index e332f1e..7e38af5 100644 (file)
@@ -1399,12 +1399,16 @@ ULONG StoreCmControlResponseMessage(PMINI_ADAPTER Adapter, PVOID pvBuffer, UINT
        /* AUTHORIZED SET */
        pstAddIndication->psfAuthorizedSet = (stServiceFlowParamSI *)
                        GetNextTargetBufferLocation(Adapter, pstAddIndicationAlt->u16TID);
-       if (!pstAddIndication->psfAuthorizedSet)
+       if (!pstAddIndication->psfAuthorizedSet) {
+               kfree(pstAddIndication);
                return 0;
+       }
 
        if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfAuthorizedSet,
-                               (ULONG)pstAddIndication->psfAuthorizedSet) != 1)
+                               (ULONG)pstAddIndication->psfAuthorizedSet) != 1) {
+               kfree(pstAddIndication);
                return 0;
+       }
 
        /* this can't possibly be right */
        pstAddIndication->psfAuthorizedSet = (stServiceFlowParamSI *)ntohl((ULONG)pstAddIndication->psfAuthorizedSet);
@@ -1420,6 +1424,7 @@ ULONG StoreCmControlResponseMessage(PMINI_ADAPTER Adapter, PVOID pvBuffer, UINT
                AddRequest.psfParameterSet = pstAddIndication->psfAuthorizedSet;
                (*puBufferLength) = sizeof(stLocalSFAddRequest);
                memcpy(pvBuffer, &AddRequest, sizeof(stLocalSFAddRequest));
+               kfree(pstAddIndication);
                return 1;
        }
 
@@ -1436,20 +1441,28 @@ ULONG StoreCmControlResponseMessage(PMINI_ADAPTER Adapter, PVOID pvBuffer, UINT
        /* ADMITTED SET */
        pstAddIndication->psfAdmittedSet = (stServiceFlowParamSI *)
                GetNextTargetBufferLocation(Adapter, pstAddIndicationAlt->u16TID);
-       if (!pstAddIndication->psfAdmittedSet)
+       if (!pstAddIndication->psfAdmittedSet) {
+               kfree(pstAddIndication);
                return 0;
-       if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfAdmittedSet, (ULONG)pstAddIndication->psfAdmittedSet) != 1)
+       }
+       if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfAdmittedSet, (ULONG)pstAddIndication->psfAdmittedSet) != 1) {
+               kfree(pstAddIndication);
                return 0;
+       }
 
        pstAddIndication->psfAdmittedSet = (stServiceFlowParamSI *)ntohl((ULONG)pstAddIndication->psfAdmittedSet);
 
        /* ACTIVE SET */
        pstAddIndication->psfActiveSet = (stServiceFlowParamSI *)
                GetNextTargetBufferLocation(Adapter, pstAddIndicationAlt->u16TID);
-       if (!pstAddIndication->psfActiveSet)
+       if (!pstAddIndication->psfActiveSet) {
+               kfree(pstAddIndication);
                return 0;
-       if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfActiveSet, (ULONG)pstAddIndication->psfActiveSet) != 1)
+       }
+       if (StoreSFParam(Adapter, (PUCHAR)&pstAddIndicationAlt->sfActiveSet, (ULONG)pstAddIndication->psfActiveSet) != 1) {
+               kfree(pstAddIndication);
                return 0;
+       }
 
        pstAddIndication->psfActiveSet = (stServiceFlowParamSI *)ntohl((ULONG)pstAddIndication->psfActiveSet);
 
@@ -1844,7 +1857,7 @@ BOOLEAN CmControlResponseMessage(PMINI_ADAPTER Adapter,  /* <Pointer to the Adap
                                Adapter->PackInfo[uiSearchRuleIndex].bActive = FALSE;
                                Adapter->PackInfo[uiSearchRuleIndex].bValid = FALSE;
                                Adapter->PackInfo[uiSearchRuleIndex].usVCID_Value = 0;
-                               kfree(pstAddIndication);                                
+                               kfree(pstAddIndication);
                        } else if (psfLocalSet->bValid && (pstChangeIndication->u8CC == 0)) {
                                Adapter->PackInfo[uiSearchRuleIndex].usVCID_Value = ntohs(pstChangeIndication->u16VCID);
                                BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "CC field is %d bvalid = %d\n",