From: Ajay Singh <ajay.kathat@microchip.com>
Date: Mon, 26 Mar 2018 11:45:56 +0000 (+0530)
Subject: staging: wilc1000: avoid 'NULL' pointer access in wilc_network_info_received()
X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=25b951332da01e4e4d5e9d8d36518b46e1e4015c;p=openwrt%2Fstaging%2Fblogic.git

staging: wilc1000: avoid 'NULL' pointer access in wilc_network_info_received()

Added 'NULL' check before accessing the allocated memory. Free up the
memory incase of failure to enqueue the command. Used kmemdup instead of
kmalloc & memcpy.

Signed-off-by: Ajay Singh <ajay.kathat@microchip.com>
Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c
index 3256a1da7e46..020baf15e02d 100644
--- a/drivers/staging/wilc1000/host_interface.c
+++ b/drivers/staging/wilc1000/host_interface.c
@@ -3465,12 +3465,15 @@ void wilc_network_info_received(struct wilc *wilc, u8 *buffer, u32 length)
 	msg.vif = vif;
 
 	msg.body.net_info.len = length;
-	msg.body.net_info.buffer = kmalloc(length, GFP_KERNEL);
-	memcpy(msg.body.net_info.buffer, buffer, length);
+	msg.body.net_info.buffer = kmemdup(buffer, length, GFP_KERNEL);
+	if (!msg.body.net_info.buffer)
+		return;
 
 	result = wilc_enqueue_cmd(&msg);
-	if (result)
+	if (result) {
 		netdev_err(vif->ndev, "message parameters (%d)\n", result);
+		kfree(msg.body.net_info.buffer);
+	}
 }
 
 void wilc_gnrl_async_info_received(struct wilc *wilc, u8 *buffer, u32 length)