From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Ziyang Xuan <william.xuanziyang@huawei.com>,
Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>,
Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH 4.14 32/39] NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
Date: Mon, 18 Oct 2021 15:24:41 +0200 [thread overview]
Message-ID: <20211018132326.473847930@linuxfoundation.org> (raw)
In-Reply-To: <20211018132325.426739023@linuxfoundation.org>
From: Ziyang Xuan <william.xuanziyang@huawei.com>
commit 58e7dcc9ca29c14e44267a4d0ea61e3229124907 upstream.
'params' is allocated in digital_tg_listen_mdaa(), but not free when
digital_send_cmd() failed, which will cause memory leak. Fix it by
freeing 'params' if digital_send_cmd() return failed.
Fixes: 1c7a4c24fbfd ("NFC Digital: Add target NFC-DEP support")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/nfc/digital_core.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/net/nfc/digital_core.c
+++ b/net/nfc/digital_core.c
@@ -286,6 +286,7 @@ int digital_tg_configure_hw(struct nfc_d
static int digital_tg_listen_mdaa(struct nfc_digital_dev *ddev, u8 rf_tech)
{
struct digital_tg_mdaa_params *params;
+ int rc;
params = kzalloc(sizeof(*params), GFP_KERNEL);
if (!params)
@@ -300,8 +301,12 @@ static int digital_tg_listen_mdaa(struct
get_random_bytes(params->nfcid2 + 2, NFC_NFCID2_MAXSIZE - 2);
params->sc = DIGITAL_SENSF_FELICA_SC;
- return digital_send_cmd(ddev, DIGITAL_CMD_TG_LISTEN_MDAA, NULL, params,
- 500, digital_tg_recv_atr_req, NULL);
+ rc = digital_send_cmd(ddev, DIGITAL_CMD_TG_LISTEN_MDAA, NULL, params,
+ 500, digital_tg_recv_atr_req, NULL);
+ if (rc)
+ kfree(params);
+
+ return rc;
}
static int digital_tg_listen_md(struct nfc_digital_dev *ddev, u8 rf_tech)
next prev parent reply other threads:[~2021-10-18 13:28 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-18 13:24 [PATCH 4.14 00/39] 4.14.252-rc1 review Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 01/39] stable: clamp SUBLEVEL in 4.14 Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 02/39] ALSA: seq: Fix a potential UAF by wrong private_free call order Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 03/39] s390: fix strrchr() implementation Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 04/39] btrfs: deal with errors when replaying dir entry during log replay Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 05/39] btrfs: deal with errors when adding inode reference " Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 06/39] btrfs: check for error when looking up inode during dir entry replay Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 07/39] xhci: Fix command ring pointer corruption while aborting a command Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 08/39] xhci: Enable trust tx length quirk for Fresco FL11 USB controller Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 09/39] cb710: avoid NULL pointer subtraction Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 10/39] efi/cper: use stack buffer for error record decoding Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 11/39] efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 12/39] usb: musb: dsps: Fix the probe error path Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 13/39] Input: xpad - add support for another USB ID of Nacon GC-100 Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 14/39] USB: serial: qcserial: add EM9191 QDL support Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 15/39] USB: serial: option: add Quectel EC200S-CN module support Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 16/39] USB: serial: option: add Telit LE910Cx composition 0x1204 Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 17/39] USB: serial: option: add prod. id for Quectel EG91 Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 18/39] virtio: write back F_VERSION_1 before validate Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 19/39] nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 20/39] x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 21/39] iio: adc: aspeed: set driver data when adc probe Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 22/39] iio: adc128s052: Fix the error handling path of adc128_probe() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 23/39] iio: light: opt3001: Fixed timeout error when 0 lux Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 24/39] iio: ssp_sensors: add more range checking in ssp_parse_dataframe() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 25/39] iio: ssp_sensors: fix error code in ssp_print_mcu_debug() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 26/39] sctp: account stream padding length for reconf chunk Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 27/39] net: arc: select CRC32 Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 28/39] net: korina: " Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 29/39] net: encx24j600: check error in devm_regmap_init_encx24j600 Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 30/39] ethernet: s2io: fix setting mac address during resume Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 31/39] nfc: fix error handling of nfc_proto_register() Greg Kroah-Hartman
2021-10-18 13:24 ` Greg Kroah-Hartman [this message]
2021-10-18 13:24 ` [PATCH 4.14 33/39] NFC: digital: fix possible memory leak in digital_in_send_sdd_req() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 34/39] pata_legacy: fix a couple uninitialized variable bugs Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 35/39] drm/msm: Fix null pointer dereference on pointer edp Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 36/39] drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 37/39] acpi/arm64: fix next_platform_timer() section mismatch error Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 38/39] qed: Fix missing error code in qed_slowpath_start() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 4.14 39/39] r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 Greg Kroah-Hartman
2021-10-19 6:08 ` [PATCH 4.14 00/39] 4.14.252-rc1 review Jon Hunter
2021-10-19 8:27 ` Naresh Kamboju
2021-10-19 20:24 ` Guenter Roeck
2021-10-20 2:52 ` Samuel Zou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211018132326.473847930@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=krzysztof.kozlowski@canonical.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=william.xuanziyang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.