cfg80211: fix memory leak of wiphy device name
authorEric Biggers <ebiggers@google.com>
Mon, 10 Jun 2019 20:02:19 +0000 (13:02 -0700)
committerJohannes Berg <johannes.berg@intel.com>
Fri, 14 Jun 2019 13:46:33 +0000 (15:46 +0200)
In wiphy_new_nm(), if an error occurs after dev_set_name() and
device_initialize() have already been called, it's necessary to call
put_device() (via wiphy_free()) to avoid a memory leak.

Reported-by: syzbot+7fddca22578bc67c3fe4@syzkaller.appspotmail.com
Fixes: 1f87f7d3a3b4 ("cfg80211: add rfkill support")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/wireless/core.c

index 4e83892f1ac2584e452c9da9d6cc234a489e4414..c58acca093012efe6b55c1f73224eded9fdc5caf 100644 (file)
@@ -513,7 +513,7 @@ use_default_name:
                                   &rdev->rfkill_ops, rdev);
 
        if (!rdev->rfkill) {
-               kfree(rdev);
+               wiphy_free(&rdev->wiphy);
                return NULL;
        }