From: Ola Olsson <ola1olsson@gmail.com>
Date: Fri, 23 Oct 2015 22:33:12 +0000 (+0200)
Subject: iw: Fix memory leak if nla_put fails
X-Git-Tag: v4.7~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ab65a092653d0eea237070ea785f8f2ab6da11e5;p=thirdparty%2Fiw.git

iw: Fix memory leak if nla_put fails

The NLA_PUT macro will automatically goto nla_put_failure if
the underlying nla_put fails. This will in turn leak our malloced
memory in both the scan and wowlan commands.
Fix that by not using the macro in the cases where we have
allocated heap mem.

Signed-off-by: Ola Olsson <ola.olsson@sonymobile.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---

diff --git a/scan.c b/scan.c
index 8762784..06c4255 100644
--- a/scan.c
+++ b/scan.c
@@ -458,7 +458,10 @@ static int handle_scan(struct nl80211_state *state,
 			memcpy(&tmpies[ies_len], meshid, meshid_len);
 			free(meshid);
 		}
-		NLA_PUT(msg, NL80211_ATTR_IE, ies_len + meshid_len, tmpies);
+		if (nla_put(msg, NL80211_ATTR_IE, ies_len + meshid_len, tmpies) < 0) {
+			free(tmpies);
+			goto nla_put_failure;
+		}
 		free(tmpies);
 	}
 
diff --git a/wowlan.c b/wowlan.c
index e1d3750..c30eab7 100644
--- a/wowlan.c
+++ b/wowlan.c
@@ -159,8 +159,12 @@ static int wowlan_parse_tcp_file(struct nl_msg *msg, const char *fn)
 			tok->offset = atoi(offs);
 			memcpy(tok->token_stream, stream, stream_len);
 
-			NLA_PUT(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
-				sizeof(*tok) + stream_len, tok);
+			if (nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
+				sizeof(*tok) + stream_len, tok) < 0) {
+				free(stream);
+				free(tok);
+				goto nla_put_failure;
+			}
 			free(stream);
 			free(tok);
 		} else {