diff options
author | Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com> | 2012-10-11 14:04:00 +0200 |
---|---|---|
committer | Samuel Ortiz <sameo@linux.intel.com> | 2012-11-20 00:09:26 +0100 |
commit | 70418e6efcf4f8652cc08e3f2ab8ae35f0948fd9 (patch) | |
tree | 68f02c2d54409ab028336ed6acb2922297f188ac | |
parent | NFC: pn533: Fix use after free (diff) | |
download | linux-70418e6efcf4f8652cc08e3f2ab8ae35f0948fd9.tar.xz linux-70418e6efcf4f8652cc08e3f2ab8ae35f0948fd9.zip |
NFC: pn533: Fix mem leak in pn533_in_dep_link_up
cmd is allocated in pn533_dep_link_up and passed as an arg to
pn533_send_cmd_frame_async together with a complete cb.
arg is passed to the cb and must be kfreed there.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
-rw-r--r-- | drivers/nfc/pn533.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/drivers/nfc/pn533.c b/drivers/nfc/pn533.c index 84a2e77ab5de..807bbb8e82d9 100644 --- a/drivers/nfc/pn533.c +++ b/drivers/nfc/pn533.c @@ -1679,11 +1679,14 @@ static void pn533_deactivate_target(struct nfc_dev *nfc_dev, static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg, u8 *params, int params_len) { - struct pn533_cmd_jump_dep *cmd; struct pn533_cmd_jump_dep_response *resp; struct nfc_target nfc_target; u8 target_gt_len; int rc; + struct pn533_cmd_jump_dep *cmd = (struct pn533_cmd_jump_dep *)arg; + u8 active = cmd->active; + + kfree(arg); if (params_len == -ENOENT) { nfc_dev_dbg(&dev->interface->dev, ""); @@ -1705,7 +1708,6 @@ static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg, } resp = (struct pn533_cmd_jump_dep_response *) params; - cmd = (struct pn533_cmd_jump_dep *) arg; rc = resp->status & PN533_CMD_RET_MASK; if (rc != PN533_CMD_RET_SUCCESS) { nfc_dev_err(&dev->interface->dev, @@ -1735,7 +1737,7 @@ static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg, if (rc == 0) rc = nfc_dep_link_is_up(dev->nfc_dev, dev->nfc_dev->targets[0].idx, - !cmd->active, NFC_RF_INITIATOR); + !active, NFC_RF_INITIATOR); return 0; } |