summaryrefslogtreecommitdiffstats
path: root/net/nfc
diff options
context:
space:
mode:
authorDan Carpenter <dan.carpenter@oracle.com>2015-12-23 23:45:27 +0100
committerSamuel Ortiz <sameo@linux.intel.com>2015-12-29 19:06:23 +0100
commitc6dc65d885b98898bf287aaf44e020077b41769f (patch)
tree94d8c0d3eaecb7589469b9dc6066445c2a1b57ab /net/nfc
parentnfc: pn544: Remove i2c client gpio irq configuration (diff)
downloadlinux-c6dc65d885b98898bf287aaf44e020077b41769f.tar.xz
linux-c6dc65d885b98898bf287aaf44e020077b41769f.zip
NFC: nci: memory leak in nci_core_conn_create()
I've moved the check for "number_destination_params" forward a few lines to avoid leaking "cmd". Fixes: caa575a86ec1 ('NFC: nci: fix possible crash in nci_core_conn_create') Acked-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Diffstat (limited to 'net/nfc')
-rw-r--r--net/nfc/nci/core.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index 10c99a578421..fbb7a2b57b44 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -610,14 +610,14 @@ int nci_core_conn_create(struct nci_dev *ndev, u8 destination_type,
struct nci_core_conn_create_cmd *cmd;
struct core_conn_create_data data;
+ if (!number_destination_params)
+ return -EINVAL;
+
data.length = params_len + sizeof(struct nci_core_conn_create_cmd);
cmd = kzalloc(data.length, GFP_KERNEL);
if (!cmd)
return -ENOMEM;
- if (!number_destination_params)
- return -EINVAL;
-
cmd->destination_type = destination_type;
cmd->number_destination_params = number_destination_params;
memcpy(cmd->params, params, params_len);