iw: fix memory leaks inside handle_scan

author John Crispin <john@phrozen.org>

Fri, 17 May 2019 19:29:55 +0000 (21:29 +0200)

committer Johannes Berg <johannes.berg@intel.com>

Fri, 24 May 2019 08:44:25 +0000 (10:44 +0200)
author John Crispin <john@phrozen.org>
Fri, 17 May 2019 19:29:55 +0000 (21:29 +0200)
committer Johannes Berg <johannes.berg@intel.com>
Fri, 24 May 2019 08:44:25 +0000 (10:44 +0200)
diff --git a/scan.c b/scan.c

index 980bfb41044e9bc26178aac1bc9a6be9abb7d8d7..6ad3ad42da16598be67b9a961ad699575d7a918e 100644 (file)
--- a/scan.c
+++ b/scan.c
@@ -389,7 +389,7 @@ static int handle_scan(struct nl80211_state *state,
         bool passive = false, have_ssids = false, have_freqs = false;
         bool duration_mandatory = false;
         size_t ies_len = 0, meshid_len = 0;
-       unsigned char *ies = NULL, *meshid = NULL, *tmpies;
+       unsigned char *ies = NULL, *meshid = NULL, *tmpies = NULL;
         unsigned int flags = 0;
  
         ssids = nlmsg_alloc();
@@ -450,7 +450,8 @@ static int handle_scan(struct nl80211_state *state,
                 case DONE:
                         nlmsg_free(ssids);
                         nlmsg_free(freqs);
-                       return 1;
+                       err = 1;
+                       goto nla_put_failure;
                 case FREQ:
                         freq = strtoul(argv[i], &eptr, 10);
                         if (eptr != argv[i] + strlen(argv[i])) {
@@ -462,6 +463,8 @@ static int handle_scan(struct nl80211_state *state,
                         NLA_PUT_U32(freqs, i, freq);
                         break;
                 case IES:
+                       if (ies)
+                               free(ies);
                         ies = parse_hex(argv[i], &ies_len);
                         if (!ies)
                                 goto nla_put_failure;
@@ -490,24 +493,14 @@ static int handle_scan(struct nl80211_state *state,
  
         if (ies || meshid) {
                 tmpies = (unsigned char *) malloc(ies_len + meshid_len);
-               if (!tmpies) {
-                       free(ies);
-                       free(meshid);
+               if (!tmpies)
                         goto nla_put_failure;
-               }
-               if (ies) {
+               if (ies)
                         memcpy(tmpies, ies, ies_len);
-                       free(ies);
-               }
-               if (meshid) {
+               if (meshid)
                         memcpy(&tmpies[ies_len], meshid, meshid_len);
-                       free(meshid);
-               }
-               if (nla_put(msg, NL80211_ATTR_IE, ies_len + meshid_len, tmpies) < 0) {
-                       free(tmpies);
+               if (nla_put(msg, NL80211_ATTR_IE, ies_len + meshid_len, tmpies) < 0)
                         goto nla_put_failure;
-               }
-               free(tmpies);
         }
  
         if (!have_ssids)
@@ -535,6 +528,12 @@ static int handle_scan(struct nl80211_state *state,
   nla_put_failure:
         nlmsg_free(ssids);
         nlmsg_free(freqs);
+       if (meshid)
+               free(meshid);
+       if (ies)
+               free(ies);
+       if (tmpies)
+               free(tmpies);
         return err;
  }
author	John Crispin <john@phrozen.org>
	Fri, 17 May 2019 19:29:55 +0000 (21:29 +0200)
committer	Johannes Berg <johannes.berg@intel.com>
	Fri, 24 May 2019 08:44:25 +0000 (10:44 +0200)