staging: rtl8188eu: fix potential leak in update_bcn_wps_ie()

Fix a potential leak in the error path of function update_bcn_wps_ie().
Move the affected input verification to the beginning of the function so
that it may return directly without leaking already allocated memory.
Detected by Coverity - CID 1077718.

Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Acked-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Christian Engelmayer 2014-05-07 21:42:27 +02:00 committed by Greg Kroah-Hartman
parent e0e2c5cde5
commit c60a960775

View file

@ -1306,6 +1306,10 @@ static void update_bcn_wps_ie(struct adapter *padapter)
DBG_88E("%s\n", __func__);
pwps_ie_src = pmlmepriv->wps_beacon_ie;
if (pwps_ie_src == NULL)
return;
pwps_ie = rtw_get_wps_ie(ie+_FIXED_IE_LENGTH_, ielen-_FIXED_IE_LENGTH_, NULL, &wps_ielen);
if (pwps_ie == NULL || wps_ielen == 0)
@ -1323,10 +1327,6 @@ static void update_bcn_wps_ie(struct adapter *padapter)
memcpy(pbackup_remainder_ie, premainder_ie, remainder_ielen);
}
pwps_ie_src = pmlmepriv->wps_beacon_ie;
if (pwps_ie_src == NULL)
return;
wps_ielen = (uint)pwps_ie_src[1];/* to get ie data len */
if ((wps_offset+wps_ielen+2+remainder_ielen) <= MAX_IE_SZ) {
memcpy(pwps_ie, pwps_ie_src, wps_ielen+2);