From: Julia Lawall Date: Fri, 28 Jan 2011 14:17:11 +0000 (+0100) Subject: net/wireless/nl80211.c: Avoid call to genlmsg_cancel X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=efe1cf0c5743caf4daccb57b399ef63edad41c9d;p=openwrt%2Fstaging%2Fblogic.git net/wireless/nl80211.c: Avoid call to genlmsg_cancel genlmsg_cancel subtracts some constants from its second argument before calling nlmsg_cancel. nlmsg_cancel then calls nlmsg_trim on the same arguments. nlmsg_trim tests for NULL before doing any computation, but a NULL second argument to genlmsg_cancel is no longer NULL due to the initial subtraction. Nothing else happens in this execution, so the call to genlmsg_cancel is simply unnecessary in this case. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression data; @@ if (data == NULL) { ... * genlmsg_cancel(..., data); ... return ...; } // Signed-off-by: Julia Lawall Signed-off-by: John W. Linville
---
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 9b62710891a2..864ddfbeff2f 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -2718,7 +2718,7 @@ static int nl80211_get_mesh_config(struct sk_buff *skb,
 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
 NL80211_CMD_GET_MESH_CONFIG);
 if (!hdr)
- goto nla_put_failure;
+ goto out;
 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
 if (!pinfoattr)
 goto nla_put_failure;
@@ -2759,6 +2759,7 @@ static int nl80211_get_mesh_config(struct sk_buff *skb,
 
 nla_put_failure:
 genlmsg_cancel(msg, hdr);
+ out:
 nlmsg_free(msg);
 return -ENOBUFS;
 }
@@ -2954,7 +2955,7 @@ static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
 NL80211_CMD_GET_REG);
 if (!hdr)
- goto nla_put_failure;
+ goto put_failure;
 
 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
 cfg80211_regdomain->alpha2);
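Review bot: The ` out:` label added in nl80211_get_mesh_config has no comment saying why the `!hdr` path must bypass `genlmsg_cancel`, so a later cleanup could fold the two labels back together and reintroduce the call with a NULL `hdr`. I would put `/* hdr is NULL on this path; genlmsg_cancel() offsets it before the NULL test, so skip the cancel */` directly above the label. The same comment fits `put_failure:` in nl80211_get_reg. The commit fixes call sites one at a time; whether other callers can still pass NULL is not visible from this diff, and a NULL test inside genlmsg_cancel itself would cover them in one place. Both function bodies extend beyond the hunks shown.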
@@ -3001,6 +3002,7 @@ static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
 
 nla_put_failure:
 genlmsg_cancel(msg, hdr);
+put_failure:
 nlmsg_free(msg);
 err = -EMSGSIZE;
 out:
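Review bot: The new label `put_failure:` in nl80211_get_reg differs from the existing `nla_put_failure:` only by a prefix and sits two lines below it, which makes a wrong `goto` easy to write and hard to spot in review. A name that says what the label does, such as `free_msg:`, would read better; `out:`, which nl80211_get_mesh_config uses for the same purpose, is already taken in this function. Separately, the `!hdr` path still falls through to `err = -EMSGSIZE;`, while the same nl80211hdr_put failure in nl80211_get_mesh_config returns `-ENOBUFS`. That predates this commit, but the two should probably agree. The function continues past the end of the hunk.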