diff options
author | Dan Carpenter <dan.carpenter@oracle.com> | 2015-12-23 23:45:27 +0100 |
---|---|---|
committer | Samuel Ortiz <sameo@linux.intel.com> | 2015-12-29 19:06:23 +0100 |
commit | c6dc65d885b98898bf287aaf44e020077b41769f (patch) | |
tree | 94d8c0d3eaecb7589469b9dc6066445c2a1b57ab /net/nfc | |
parent | nfc: pn544: Remove i2c client gpio irq configuration (diff) | |
download | linux-c6dc65d885b98898bf287aaf44e020077b41769f.tar.xz linux-c6dc65d885b98898bf287aaf44e020077b41769f.zip |
NFC: nci: memory leak in nci_core_conn_create()
I've moved the check for "number_destination_params" forward
a few lines to avoid leaking "cmd".
Fixes: caa575a86ec1 ('NFC: nci: fix possible crash in nci_core_conn_create')
Acked-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Diffstat (limited to 'net/nfc')
-rw-r--r-- | net/nfc/nci/core.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c index 10c99a578421..fbb7a2b57b44 100644 --- a/net/nfc/nci/core.c +++ b/net/nfc/nci/core.c @@ -610,14 +610,14 @@ int nci_core_conn_create(struct nci_dev *ndev, u8 destination_type, struct nci_core_conn_create_cmd *cmd; struct core_conn_create_data data; + if (!number_destination_params) + return -EINVAL; + data.length = params_len + sizeof(struct nci_core_conn_create_cmd); cmd = kzalloc(data.length, GFP_KERNEL); if (!cmd) return -ENOMEM; - if (!number_destination_params) - return -EINVAL; - cmd->destination_type = destination_type; cmd->number_destination_params = number_destination_params; memcpy(cmd->params, params, params_len); |