Skip to content

Commit

Permalink
NFC: nci: memory leak in nci_core_conn_create()
Browse files Browse the repository at this point in the history 
I've moved the check for "number_destination_params" forward
a few lines to avoid leaking "cmd".

Fixes: caa575a ('NFC: nci: fix possible crash in nci_core_conn_create')

Acked-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
  • Loading branch information
Dan Carpenter authored and Samuel Ortiz committed Dec 29, 2015
1 parent 97b6978 commit c6dc65d
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions net/nfc/nci/core.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -610,14 +610,14 @@ int nci_core_conn_create(struct nci_dev *ndev, u8 destination_type,
struct nci_core_conn_create_cmd *cmd;
struct core_conn_create_data data;

if (!number_destination_params)
return -EINVAL;

data.length = params_len + sizeof(struct nci_core_conn_create_cmd);
cmd = kzalloc(data.length, GFP_KERNEL);
if (!cmd)
return -ENOMEM;

if (!number_destination_params)
return -EINVAL;

cmd->destination_type = destination_type;
cmd->number_destination_params = number_destination_params;
memcpy(cmd->params, params, params_len);
Expand Down

0 comments on commit c6dc65d

Please sign in to comment.