From b7d9814428cb7d1666fb4f6b6ad961237afecd4e Mon Sep 17 00:00:00 2001 From: Samuel Ortiz Date: Mon, 29 Oct 2012 14:02:17 +0100 Subject: [PATCH] --- yaml --- r: 341508 b: refs/heads/master c: 6e950fd214645e71e94bce2429bea58b88e1b5d0 h: refs/heads/master v: v3 --- [refs] | 2 +- trunk/net/nfc/llcp/commands.c | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/[refs] b/[refs] index 0ae188ab28a8..be273697324d 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: 08eaa1e0ce5bad11bedd311a9ddc3baf778ee1df +refs/heads/master: 6e950fd214645e71e94bce2429bea58b88e1b5d0 diff --git a/trunk/net/nfc/llcp/commands.c b/trunk/net/nfc/llcp/commands.c index ed2d17312d61..f0a39456f26b 100644 --- a/trunk/net/nfc/llcp/commands.c +++ b/trunk/net/nfc/llcp/commands.c @@ -579,7 +579,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, struct sk_buff *pdu; struct nfc_llcp_local *local; size_t frag_len = 0, remaining_len; - u8 *msg_ptr; + u8 *msg_ptr, *msg_data; int err; pr_debug("Send UI frame len %zd\n", len); @@ -588,8 +588,17 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, if (local == NULL) return -ENODEV; + msg_data = kzalloc(len, GFP_KERNEL); + if (msg_data == NULL) + return -ENOMEM; + + if (memcpy_fromiovec(msg_data, msg->msg_iov, len)) { + kfree(msg_data); + return -EFAULT; + } + remaining_len = len; - msg_ptr = (u8 *) msg->msg_iov; + msg_ptr = msg_data; while (remaining_len > 0) { @@ -616,6 +625,8 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, msg_ptr += frag_len; } + kfree(msg_data); + return len; }