NFC: Fix possible LLCP memory leak

nfc_llcp_build_tlv() malloced the memory and should be free in
nfc_llcp_build_gb() after used, and the same in the error handling
case, otherwise it will cause memory leak.

spatch with a semantic match is used to found this problem.
(http://coccinelle.lip6.fr/)

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This commit is contained in:
Wei Yongjun 2012-09-02 21:21:46 +08:00 committed by Samuel Ortiz
parent 33e5971358
commit 52da2449e1

View File

@ -426,6 +426,7 @@ static int nfc_llcp_build_gb(struct nfc_llcp_local *local)
u8 *miux_tlv, miux_length; u8 *miux_tlv, miux_length;
__be16 miux; __be16 miux;
u8 gb_len = 0; u8 gb_len = 0;
int ret = 0;
version = LLCP_VERSION_11; version = LLCP_VERSION_11;
version_tlv = nfc_llcp_build_tlv(LLCP_TLV_VERSION, &version, version_tlv = nfc_llcp_build_tlv(LLCP_TLV_VERSION, &version,
@ -450,8 +451,8 @@ static int nfc_llcp_build_gb(struct nfc_llcp_local *local)
gb_len += ARRAY_SIZE(llcp_magic); gb_len += ARRAY_SIZE(llcp_magic);
if (gb_len > NFC_MAX_GT_LEN) { if (gb_len > NFC_MAX_GT_LEN) {
kfree(version_tlv); ret = -EINVAL;
return -EINVAL; goto out;
} }
gb_cur = local->gb; gb_cur = local->gb;
@ -471,12 +472,15 @@ static int nfc_llcp_build_gb(struct nfc_llcp_local *local)
memcpy(gb_cur, miux_tlv, miux_length); memcpy(gb_cur, miux_tlv, miux_length);
gb_cur += miux_length; gb_cur += miux_length;
kfree(version_tlv);
kfree(lto_tlv);
local->gb_len = gb_len; local->gb_len = gb_len;
return 0; out:
kfree(version_tlv);
kfree(lto_tlv);
kfree(wks_tlv);
kfree(miux_tlv);
return ret;
} }
u8 *nfc_llcp_general_bytes(struct nfc_dev *dev, size_t *general_bytes_len) u8 *nfc_llcp_general_bytes(struct nfc_dev *dev, size_t *general_bytes_len)