[PATCH] Fix possible memory leak in function cfg80211_bss_update

Sat Jun 26 20:57:51 UTC 2021

When we exceed the limit of BSS entries, this function will free the
new entry, however, at this time, it is the last door to access the
inputed ies, so these ies will be unreferenced objects and cause memory
leak.
Therefore we should free its ies before deallocating the new entry, beside
of dropping it from hidden_list.
These stuffs could be done by using bss_free function.

Signed-off-by: Nguyen Dinh Phi <phind.uet at gmail.com>
---
 net/wireless/scan.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index f03c7ac8e184..b5f62bbe539a 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1761,9 +1761,7 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev,
 
 		if (rdev->bss_entries >= bss_entries_limit &&
 		    !cfg80211_bss_expire_oldest(rdev)) {
-			if (!list_empty(&new->hidden_list))
-				list_del(&new->hidden_list);
-			kfree(new);
+			bss_free(new);
 			goto drop;
 		}
 
-- 
2.25.1

