authorChristophe Ricard <christophe.ricard@gmail.com>2014-09-13 10:28:45 +0200
committerSamuel Ortiz <sameo@linux.intel.com>2014-09-24 02:02:23 +0200
commit90d5f81afc8369774a6c581b600aef80b1448d35 (patch)
tree5d80c4bc910a44f0e5faa50354c41b012f53c4af
parentNFC: st21nfca: Fix potential skb leaks in NFC-DEP code (diff)
NFC: st21nfca: Fix recursive fault when doing p2p in target mode.
This patch fixes a previous patch introduced by commit 0a91e8ac240a12ac3a03581deb8cd531788c63d4. It actually fixes a double-free mistake in all st21nfca_tm_* functions. We decided to return directly in case of successful execution because the skb has already been freed. In st21nfca_tm_recv_dep_req it is freed by nfc_tm_data_received. Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
-rw-r--r--drivers/nfc/st21nfca/st21nfca.c11
1 files changed, 4 insertions, 7 deletions
diff --git a/drivers/nfc/st21nfca/st21nfca.c b/drivers/nfc/st21nfca/st21nfca.c
index e5f92aaa5466..a89e56c2c749 100644
--- a/drivers/nfc/st21nfca/st21nfca.c
+++ b/drivers/nfc/st21nfca/st21nfca.c
@@ -861,19 +861,16 @@ static int st21nfca_hci_event_received(struct nfc_hci_dev *hdev, u8 gate,
if (gate == ST21NFCA_RF_CARD_F_GATE) {
r = st21nfca_tm_event_send_data(hdev, skb, gate);
if (r < 0)
- goto exit;
- } else {
- info->dep_info.curr_nfc_dep_pni = 0;
- return 1;
+ return r;
+ return 0;
}
- break;
+ info->dep_info.curr_nfc_dep_pni = 0;
+ return 1;
default:
return 1;
}
kfree_skb(skb);
return 0;
-exit:
- return r;
}
static struct nfc_hci_ops st21nfca_hci_ops = {
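Review bot: The two early returns after `st21nfca_tm_event_send_data()` rely on an skb ownership rule that nothing in the hunk states. The error path `return r;` is only leak-free if the callee also releases `skb` on failure, and the callee is not visible here, so that should be confirmed against the st21nfca_tm_* error paths. Since this exact spot already produced a double free, I would document the contract above the call, for example `/* skb is consumed by st21nfca_tm_event_send_data() on success and on error; never free it here */`. The same comment could spell out what each of the three exits means for `skb`, namely the negative or zero return after the call, `return 1`, and the trailing `kfree_skb(skb); return 0;`. The body of `st21nfca_hci_event_received` starts outside the hunk, so whether any other case still reaches that trailing `kfree_skb()` cannot be judged from here.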