NFC: nci: memory leak in nci_core_conn_create()
authorDan Carpenter <dan.carpenter@oracle.com>
Wed, 23 Dec 2015 22:45:27 +0000 (23:45 +0100)
committerSamuel Ortiz <sameo@linux.intel.com>
Tue, 29 Dec 2015 18:06:23 +0000 (19:06 +0100)
I've moved the check for "number_destination_params" forward
a few lines to avoid leaking "cmd".

Fixes: caa575a86ec1 ('NFC: nci: fix possible crash in nci_core_conn_create')

Acked-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
net/nfc/nci/core.c

index 10c99a5784212c92f7fa6ee69a43518ba89dc17c..fbb7a2b57b443d7b49f4ae2e539bf54c0a56527f 100644 (file)
@@ -610,14 +610,14 @@ int nci_core_conn_create(struct nci_dev *ndev, u8 destination_type,
        struct nci_core_conn_create_cmd *cmd;
        struct core_conn_create_data data;
 
+       if (!number_destination_params)
+               return -EINVAL;
+
        data.length = params_len + sizeof(struct nci_core_conn_create_cmd);
        cmd = kzalloc(data.length, GFP_KERNEL);
        if (!cmd)
                return -ENOMEM;
 
-       if (!number_destination_params)
-               return -EINVAL;
-
        cmd->destination_type = destination_type;
        cmd->number_destination_params = number_destination_params;
        memcpy(cmd->params, params, params_len);