* [PATCH v2 2/3] nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
@ 2022-04-01 18:10 Martin Faltesek
2022-04-02 9:01 ` Krzysztof Kozlowski
0 siblings, 1 reply; 2+ messages in thread
From: Martin Faltesek @ 2022-04-01 18:10 UTC (permalink / raw)
To: netdev, kuba, krzk, christophe.ricard, jordy
Cc: sameo, wklin, groeck, mfaltesek, gregkh
Error paths do not free previously allocated memory. Add devm_kfree() to
those failure paths.
Fixes: 26fc6c7f02cb ("NFC: st21nfca: Add HCI transaction event support")
Fixes: 4fbcc1a4cb20 ("nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION")
Signed-off-by: Martin Faltesek <mfaltesek@google.com>
---
drivers/nfc/st21nfca/se.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/nfc/st21nfca/se.c b/drivers/nfc/st21nfca/se.c
index 9a37de60f73f..d387ba9c4814 100644
--- a/drivers/nfc/st21nfca/se.c
+++ b/drivers/nfc/st21nfca/se.c
@@ -318,22 +318,29 @@ int st21nfca_connectivity_event_received(struct nfc_hci_dev *hdev, u8 host,
transaction->aid_len = skb->data[1];
/* Checking if the length of the AID is valid */
- if (transaction->aid_len > sizeof(transaction->aid))
+ if (transaction->aid_len > sizeof(transaction->aid)) {
+ devm_kfree(dev, transaction);
return -EINVAL;
+ }
memcpy(transaction->aid, &skb->data[2],
transaction->aid_len);
/* Check next byte is PARAMETERS tag (82) */
if (skb->data[transaction->aid_len + 2] !=
- NFC_EVT_TRANSACTION_PARAMS_TAG)
+ NFC_EVT_TRANSACTION_PARAMS_TAG) {
+ devm_kfree(dev, transaction);
return -EPROTO;
+ }
transaction->params_len = skb->data[transaction->aid_len + 3];
/* Total size is allocated (skb->len - 2) minus fixed array members */
- if (transaction->params_len > ((skb->len - 2) - sizeof(struct nfc_evt_transaction)))
+ if (transaction->params_len > ((skb->len - 2) -
+ sizeof(struct nfc_evt_transaction))) {
+ devm_kfree(dev, transaction);
return -EINVAL;
+ }
memcpy(transaction->params, skb->data +
transaction->aid_len + 4, transaction->params_len);
--
2.35.1.1094.g7c7d902a7c-goog
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v2 2/3] nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
2022-04-01 18:10 [PATCH v2 2/3] nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Martin Faltesek
@ 2022-04-02 9:01 ` Krzysztof Kozlowski
0 siblings, 0 replies; 2+ messages in thread
From: Krzysztof Kozlowski @ 2022-04-02 9:01 UTC (permalink / raw)
To: Martin Faltesek, netdev, kuba, christophe.ricard, jordy
Cc: sameo, wklin, groeck, mfaltesek, gregkh
On 01/04/2022 20:10, Martin Faltesek wrote:
> Error paths do not free previously allocated memory. Add devm_kfree() to
> those failure paths.
>
> Fixes: 26fc6c7f02cb ("NFC: st21nfca: Add HCI transaction event support")
> Fixes: 4fbcc1a4cb20 ("nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION")
> Signed-off-by: Martin Faltesek <mfaltesek@google.com>
> ---
> drivers/nfc/st21nfca/se.c | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Best regards,
Krzysztof
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-04-02 9:01 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-04-01 18:10 [PATCH v2 2/3] nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Martin Faltesek
2022-04-02 9:01 ` Krzysztof Kozlowski
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).