From 25b951332da01e4e4d5e9d8d36518b46e1e4015c Mon Sep 17 00:00:00 2001 From: Ajay Singh Date: Mon, 26 Mar 2018 17:15:56 +0530 Subject: [PATCH] staging: wilc1000: avoid 'NULL' pointer access in wilc_network_info_received() Added 'NULL' check before accessing the allocated memory. Free up the memory incase of failure to enqueue the command. Used kmemdup instead of kmalloc & memcpy. Signed-off-by: Ajay Singh Reviewed-by: Claudiu Beznea Signed-off-by: Greg Kroah-Hartman --- drivers/staging/wilc1000/host_interface.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index 3256a1da7e46..020baf15e02d 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -3465,12 +3465,15 @@ void wilc_network_info_received(struct wilc *wilc, u8 *buffer, u32 length) msg.vif = vif; msg.body.net_info.len = length; - msg.body.net_info.buffer = kmalloc(length, GFP_KERNEL); - memcpy(msg.body.net_info.buffer, buffer, length); + msg.body.net_info.buffer = kmemdup(buffer, length, GFP_KERNEL); + if (!msg.body.net_info.buffer) + return; result = wilc_enqueue_cmd(&msg); - if (result) + if (result) { netdev_err(vif->ndev, "message parameters (%d)\n", result); + kfree(msg.body.net_info.buffer); + } } void wilc_gnrl_async_info_received(struct wilc *wilc, u8 *buffer, u32 length)