
Commit c6dc65d8 authored by Dan Carpenter, committed by Samuel Ortiz

NFC: nci: memory leak in nci_core_conn_create()



I've moved the check for "number_destination_params" forward
a few lines to avoid leaking "cmd".

Fixes: caa575a8 ('NFC: nci: fix possible crash in nci_core_conn_create')

Acked-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
parent 97b69788
+3 −3
@@ -610,14 +610,14 @@ int nci_core_conn_create(struct nci_dev *ndev, u8 destination_type,
	struct nci_core_conn_create_cmd *cmd;
	struct core_conn_create_data data;

	if (!number_destination_params)
		return -EINVAL;

	data.length = params_len + sizeof(struct nci_core_conn_create_cmd);
	cmd = kzalloc(data.length, GFP_KERNEL);
	if (!cmd)
		return -ENOMEM;

	if (!number_destination_params)
		return -EINVAL;

	cmd->destination_type = destination_type;
	cmd->number_destination_params = number_destination_params;
	memcpy(cmd->params, params, params_len);
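Review bot: params_len is used unchecked in the lines around the kzalloc(): it sizes the allocation through data.length = params_len + sizeof(struct nci_core_conn_create_cmd) and is then the memcpy() length into cmd->params, yet nothing visible in this hunk bounds it or checks params for NULL. Since the argument validation now sits ahead of the allocation, consider validating params and params_len in the same place, and confirm that the type of data.length can hold the sum without truncation, because a truncated data.length would leave the memcpy() writing past the buffer. Placing the number_destination_params test before kzalloc() is the right shape for the leak fix, as it avoids needing a kfree(cmd) on the -EINVAL path. Note that this rendering has lost the +/- markers, so the test shows at both its old and new positions; per the commit message only the one before kzalloc() remains.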