diff options
author | Christophe Ricard <christophe.ricard@gmail.com> | 2014-09-13 10:28:45 +0200 |
---|---|---|
committer | Samuel Ortiz <sameo@linux.intel.com> | 2014-09-24 02:02:23 +0200 |
commit | 90d5f81afc8369774a6c581b600aef80b1448d35 (patch) | |
tree | 5d80c4bc910a44f0e5faa50354c41b012f53c4af | |
parent | NFC: st21nfca: Fix potential skb leaks in NFC-DEP code (diff) | |
download | linux-90d5f81afc8369774a6c581b600aef80b1448d35.tar.xz linux-90d5f81afc8369774a6c581b600aef80b1448d35.zip |
NFC: st21nfca: Fix recursive fault when doing p2p in target mode.
This patch fix a previous patch introduce by commit 0a91e8ac240a12ac3a03581deb8cd531788c63d4
It is actually fixing a double free mistake in all st21nfca_tm_* function.
We decide to return directly in case of successful execution because skb
got already freed. In st21nfca_tm_recv_dep_req it got freed by nfc_tm_data_received.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
-rw-r--r-- | drivers/nfc/st21nfca/st21nfca.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/drivers/nfc/st21nfca/st21nfca.c b/drivers/nfc/st21nfca/st21nfca.c index e5f92aaa5466..a89e56c2c749 100644 --- a/drivers/nfc/st21nfca/st21nfca.c +++ b/drivers/nfc/st21nfca/st21nfca.c @@ -861,19 +861,16 @@ static int st21nfca_hci_event_received(struct nfc_hci_dev *hdev, u8 gate, if (gate == ST21NFCA_RF_CARD_F_GATE) { r = st21nfca_tm_event_send_data(hdev, skb, gate); if (r < 0) - goto exit; - } else { - info->dep_info.curr_nfc_dep_pni = 0; - return 1; + return r; + return 0; } - break; + info->dep_info.curr_nfc_dep_pni = 0; + return 1; default: return 1; } kfree_skb(skb); return 0; -exit: - return r; } static struct nfc_hci_ops st21nfca_hci_ops = { |