Commit 55e8f460 authored Aug 19, 2024 by Johan Hovold Committed by Yi Yang Aug 19, 2024

Bluetooth: qca: fix firmware check error path

stable inclusion
from stable-v5.15.159
commit 580bcd6bf24f9975f97d81d5ef1b64cca9240df9
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9U3C7
CVE: CVE-2024-36880

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=580bcd6bf24f9975f97d81d5ef1b64cca9240df9



---------------------------

commit 40d442f969fb1e871da6fca73d3f8aef1f888558 upstream.

A recent commit fixed the code that parses the firmware files before
downloading them to the controller but introduced a memory leak in case
the sanity checks ever fail.

Make sure to free the firmware buffer before returning on errors.

Fixes: f905ae0be4b7 ("Bluetooth: qca: add missing firmware sanity checks")
Cc: stable@vger.kernel.org      # 4.19
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Yi Yang <yiyang13@huawei.com>

parent 417adf54

drivers/bluetooth/btqca.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -399,7 +399,7 @@ static int qca_download_firmware(struct hci_dev *hdev,

		ret = qca_tlv_check_data(hdev, config, data, size, soc_type);
		if (ret)
		return ret;
		goto out;

		segment = data;
		remain = size;