[PATCH 4.4 151/312] NFC: nci: memory leak in nci_core_conn_create()

Greg Kroah-Hartman Fri, 08 May 2020 06:18:25 -0700

From: Dan Carpenter <dan.carpen...@oracle.com>

commit c6dc65d885b98898bf287aaf44e020077b41769f upstream.


I've moved the check for "number_destination_params" forward
a few lines to avoid leaking "cmd".

Fixes: caa575a86ec1 ('NFC: nci: fix possible crash in nci_core_conn_create')

Acked-by: Christophe Ricard <christophe-h.ric...@st.com>
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
Signed-off-by: Samuel Ortiz <sa...@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>

---
 net/nfc/nci/core.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -610,14 +610,14 @@ int nci_core_conn_create(struct nci_dev
        struct nci_core_conn_create_cmd *cmd;
        struct core_conn_create_data data;
 
+       if (!number_destination_params)
+               return -EINVAL;
+
        data.length = params_len + sizeof(struct nci_core_conn_create_cmd);
        cmd = kzalloc(data.length, GFP_KERNEL);
        if (!cmd)
                return -ENOMEM;
 
-       if (!number_destination_params)
-               return -EINVAL;
-
        cmd->destination_type = destination_type;
        cmd->number_destination_params = number_destination_params;
        memcpy(cmd->params, params, params_len);

[PATCH 4.4 151/312] NFC: nci: memory leak in nci_core_conn_create()

Reply via email to