UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

Bluetooth: Fix memory leak in read_adv_mon_features() 

read_adv_mon_features() is leaking memory. Free `rp` before returning.

Fixes: e5e1e7fd47 ("Bluetooth: Add handler of MGMT_OP_READ_ADV_MONITOR_FEATURES")
Reported-and-tested-by: syzbot+f7f6e564f4202d8601c6@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=f7f6e564f4202d8601c6
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
This commit is contained in:
Peilin Ye 2020-09-09 03:25:51 -04:00 committed by Marcel Holtmann
parent 2041a3f500
commit cafd472a10
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
net/bluetooth/mgmt.c
View File

@ -4157,7 +4157,7 @@ static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
{
struct adv_monitor *monitor = NULL;
struct mgmt_rp_read_adv_monitor_features *rp = NULL;
int handle;
int handle, err;
size_t rp_size = 0;
__u32 supported = 0;
__u16 num_handles = 0;
@ -4192,9 +4192,13 @@ static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
if (num_handles)
memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
return mgmt_cmd_complete(sk, hdev->id,
MGMT_OP_READ_ADV_MONITOR_FEATURES,
MGMT_STATUS_SUCCESS, rp, rp_size);
err = mgmt_cmd_complete(sk, hdev->id,
MGMT_OP_READ_ADV_MONITOR_FEATURES,
MGMT_STATUS_SUCCESS, rp, rp_size);
kfree(rp);
return err;
}
static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,