mei: nfc: fix memory leak in error path

The flow may reach the err label without freeing cl and cl_info

cl and cl_info weren't assigned to ndev->cl and cl_info
so they weren't freed in mei_nfc_free called on error path

Cc: <stable@vger.kernel.org> # 3.10+
Cc: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/misc/mei/nfc.c b/drivers/misc/mei/nfc.c
index d0c6907dfd926809620e5ca459781042e32ba093..994ca4aff1a37ecf1b6fc53a2b44e1f446b710dd 100644 (file)
--- a/drivers/misc/mei/nfc.c
+++ b/drivers/misc/mei/nfc.c
@@ -485,8 +485,11 @@ int mei_nfc_host_init(struct mei_device *dev)
        if (ndev->cl_info)
                return 0;
 
-       cl_info = mei_cl_allocate(dev);
-       cl = mei_cl_allocate(dev);
+       ndev->cl_info = mei_cl_allocate(dev);
+       ndev->cl = mei_cl_allocate(dev);
+
+       cl = ndev->cl;
+       cl_info = ndev->cl_info;
 
        if (!cl || !cl_info) {
                ret = -ENOMEM;
@@ -527,10 +530,9 @@ int mei_nfc_host_init(struct mei_device *dev)
 
        cl->device_uuid = mei_nfc_guid;
 
+
        list_add_tail(&cl->device_link, &dev->device_list);
 
-       ndev->cl_info = cl_info;
-       ndev->cl = cl;
        ndev->req_id = 1;
 
        INIT_WORK(&ndev->init_work, mei_nfc_init);