Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c490c557 authored by Christophe Ricard's avatar Christophe Ricard Committed by Samuel Ortiz
Browse files

NFC: st21nfca: Fix some skb memory leaks 



Fix some memory leaks after some nfc_hci_get_param calls.

Signed-off-by: default avatarChristophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: default avatarSamuel Ortiz <sameo@linux.intel.com>
parent 2b702832

drivers/nfc/st21nfca/st21nfca.c

+21 −16
Original line number Diff line number Diff line
@@ -261,8 +261,9 @@ static int st21nfca_hci_ready(struct nfc_hci_dev *hdev) 
	if (r < 0)

		return r;



	if (skb->data[0] == 0) {

	param = skb->data[0];

	kfree_skb(skb);

	if (param == 0) {

		param = 1;



		r = nfc_hci_set_param(hdev, ST21NFCA_DEVICE_MGNT_GATE,
@@ -404,9 +405,12 @@ static int st21nfca_hci_start_poll(struct nfc_hci_dev *hdev, 
			r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,

					      ST21NFCA_RF_CARD_F_DATARATE,

					      param, 1);

			if (r < 0)

			if (r < 0) {

				kfree_skb(datarate_skb);

				return r;

			}

		}

		kfree_skb(datarate_skb);



		/*

		 * Configure sens_res
@@ -660,15 +664,15 @@ static int st21nfca_hci_complete_target_discovered(struct nfc_hci_dev *hdev, 
						struct nfc_target *target)

{

	int r;

	struct sk_buff *nfcid2_skb = NULL, *nfcid1_skb;

	struct sk_buff *nfcid_skb = NULL;



	if (gate == ST21NFCA_RF_READER_F_GATE) {

		r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE,

				ST21NFCA_RF_READER_F_NFCID2, &nfcid2_skb);

				ST21NFCA_RF_READER_F_NFCID2, &nfcid_skb);

		if (r < 0)

			goto exit;



		if (nfcid2_skb->len > NFC_SENSF_RES_MAXSIZE) {

		if (nfcid_skb->len > NFC_SENSF_RES_MAXSIZE) {

			r = -EPROTO;

			goto exit;

		}
@@ -680,11 +684,11 @@ static int st21nfca_hci_complete_target_discovered(struct nfc_hci_dev *hdev, 
		 * - After the reception of SEL_RES with NFCIP-1 compliant bit

		 * set for type A frame NFCID1 will be updated

		 */

		if (nfcid2_skb->len > 0) {

		if (nfcid_skb->len > 0) {

			/* P2P in type F */

			memcpy(target->sensf_res, nfcid2_skb->data,

				nfcid2_skb->len);

			target->sensf_res_len = nfcid2_skb->len;

			memcpy(target->sensf_res, nfcid_skb->data,

				nfcid_skb->len);

			target->sensf_res_len = nfcid_skb->len;

			/* NFC Forum Digital Protocol Table 44 */

			if (target->sensf_res[0] == 0x01 &&

			    target->sensf_res[1] == 0xfe)
@@ -694,27 +698,28 @@ static int st21nfca_hci_complete_target_discovered(struct nfc_hci_dev *hdev, 
				target->supported_protocols =

							NFC_PROTO_FELICA_MASK;

		} else {

			kfree_skb(nfcid_skb);

			/* P2P in type A */

			r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE,

					ST21NFCA_RF_READER_F_NFCID1,

					&nfcid1_skb);

					&nfcid_skb);

			if (r < 0)

				goto exit;



			if (nfcid1_skb->len > NFC_NFCID1_MAXSIZE) {

			if (nfcid_skb->len > NFC_NFCID1_MAXSIZE) {

				r = -EPROTO;

				goto exit;

			}

			memcpy(target->sensf_res, nfcid1_skb->data,

				nfcid1_skb->len);

			target->sensf_res_len = nfcid1_skb->len;

			memcpy(target->sensf_res, nfcid_skb->data,

				nfcid_skb->len);

			target->sensf_res_len = nfcid_skb->len;

			target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;

		}

		target->hci_reader_gate = ST21NFCA_RF_READER_F_GATE;

	}

	r = 1;

exit:

	kfree_skb(nfcid2_skb);

	kfree_skb(nfcid_skb);

	return r;

}