Skip to content

L
linux
Commit 989443a9 authored by Dan Carpenter's avatar Dan Carpenter Committed by Kleber Sacilotto de Souza
Browse files
Options

NFC: nci: memory leak in nci_core_conn_create() 

BugLink: https://bugs.launchpad.net/bugs/1878232

commit c6dc65d8 upstream.

I've moved the check for "number_destination_params" forward
a few lines to avoid leaking "cmd".

Fixes: caa575a8 ('NFC: nci: fix possible crash in nci_core_conn_create')
Acked-by: default avatarChristophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarSamuel Ortiz <sameo@linux.intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarIan May <ian.may@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent f3b81f60
Hide whitespace changes
Inline Side-by-side
Showing with 3 additions and 3 deletions
net/nfc/nci/core.c
View file @ 989443a9
......@@ -610,14 +610,14 @@ int nci_core_conn_create(struct nci_dev *ndev, u8 destination_type,
struct nci_core_conn_create_cmd *cmd;
struct core_conn_create_data data;
if (!number_destination_params)
return -EINVAL;
data.length = params_len + sizeof(struct nci_core_conn_create_cmd);
cmd = kzalloc(data.length, GFP_KERNEL);
if (!cmd)
return -ENOMEM;
if (!number_destination_params)
return -EINVAL;
cmd->destination_type = destination_type;
cmd->number_destination_params = number_destination_params;
memcpy(cmd->params, params, params_len);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7