diff options
author | Dan Carpenter <dan.carpenter@oracle.com> | 2011-09-23 09:14:35 +0300 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2011-09-27 14:34:10 -0400 |
commit | 8ebafde00ed0c682fed8c34ac5ba90160ea0bb30 (patch) | |
tree | cc14065f04168bf10f342b29767d6cfa44e16f9d /net | |
parent | 84b1bec6d716fc8c289e2530cab109a6e097455b (diff) | |
download | kernel_goldelico_gta04-8ebafde00ed0c682fed8c34ac5ba90160ea0bb30.zip kernel_goldelico_gta04-8ebafde00ed0c682fed8c34ac5ba90160ea0bb30.tar.gz kernel_goldelico_gta04-8ebafde00ed0c682fed8c34ac5ba90160ea0bb30.tar.bz2 |
NFC: use after free on error
We returned a freed variable on some error paths when the intent was
to return a NULL. Part of the reason this was missed was that the
code was confusing because it had too many gotos so I removed them
and simplified the flow a bit.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Lauro Ramos Venancio <lauro.venancio@openbossa.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/nfc/nci/core.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c index 1e6b20f..4047e29 100644 --- a/net/nfc/nci/core.c +++ b/net/nfc/nci/core.c @@ -499,19 +499,19 @@ struct nci_dev *nci_allocate_device(struct nci_ops *ops, int tx_headroom, int tx_tailroom) { - struct nci_dev *ndev = NULL; + struct nci_dev *ndev; nfc_dbg("entry, supported_protocols 0x%x", supported_protocols); if (!ops->open || !ops->close || !ops->send) - goto exit; + return NULL; if (!supported_protocols) - goto exit; + return NULL; ndev = kzalloc(sizeof(struct nci_dev), GFP_KERNEL); if (!ndev) - goto exit; + return NULL; ndev->ops = ops; ndev->tx_headroom = tx_headroom; @@ -526,13 +526,11 @@ struct nci_dev *nci_allocate_device(struct nci_ops *ops, nfc_set_drvdata(ndev->nfc_dev, ndev); - goto exit; + return ndev; free_exit: kfree(ndev); - -exit: - return ndev; + return NULL; } EXPORT_SYMBOL(nci_allocate_device); |