diff mbox series

[4.4,151/312] NFC: nci: memory leak in nci_core_conn_create()

Message ID 20200508123135.083649102@linuxfoundation.org
State New
Headers show
Series None | expand

Commit Message

Greg KH May 8, 2020, 12:32 p.m. UTC
From: Dan Carpenter <dan.carpenter@oracle.com>

commit c6dc65d885b98898bf287aaf44e020077b41769f upstream.

I've moved the check for "number_destination_params" forward
a few lines to avoid leaking "cmd".

Fixes: caa575a86ec1 ('NFC: nci: fix possible crash in nci_core_conn_create')

Acked-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/nfc/nci/core.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff mbox series

Patch

--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -610,14 +610,14 @@  int nci_core_conn_create(struct nci_dev
 	struct nci_core_conn_create_cmd *cmd;
 	struct core_conn_create_data data;
 
+	if (!number_destination_params)
+		return -EINVAL;
+
 	data.length = params_len + sizeof(struct nci_core_conn_create_cmd);
 	cmd = kzalloc(data.length, GFP_KERNEL);
 	if (!cmd)
 		return -ENOMEM;
 
-	if (!number_destination_params)
-		return -EINVAL;
-
 	cmd->destination_type = destination_type;
 	cmd->number_destination_params = number_destination_params;
 	memcpy(cmd->params, params, params_len);