nfc: fix potential illegal memory access

Message ID 1548082317-6029-1-git-send-email-albin_yang@163.com
State Awaiting Upstream
Delegated to: David Miller
Series nfc: fix potential illegal memory access

Commit Message

Yang Wei Jan. 21, 2019, 2:51 p.m. UTC
The frags_q is used before __skb_queue_head_init when conn_info is
NULL. It may result in illegal memory access.

Signed-off-by: Yang Wei <yang.wei9@zte.com.cn>
---
 net/nfc/nci/data.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
Patch

diff --git a/net/nfc/nci/data.c b/net/nfc/nci/data.c
index 908f25e..8948341 100644
--- a/net/nfc/nci/data.c
+++ b/net/nfc/nci/data.c
@@ -116,14 +116,14 @@  static int nci_queue_tx_data_frags(struct nci_dev *ndev,
 
 	pr_debug("conn_id 0x%x, total_len %d\n", conn_id, total_len);
 
+	__skb_queue_head_init(&frags_q);
+
 	conn_info = nci_get_conn_info_by_conn_id(ndev, conn_id);
 	if (!conn_info) {
 		rc = -EPROTO;
 		goto free_exit;
 	}
 
-	__skb_queue_head_init(&frags_q);
-
 	while (total_len) {
 		frag_len =
 			min_t(int, total_len, conn_info->max_pkt_payload_len);
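
Review bot: In the `!conn_info` branch, `goto free_exit` is the only reason `__skb_queue_head_init(&frags_q)` has to sit above the lookup, yet the `free_exit` label is outside this hunk and the commit message does not say what it does with `frags_q`. Please name that error path in the message so the reader can see where the uninitialised queue head is consumed, and add a Fixes: tag pointing at the commit that introduced the ordering so the change can be picked up for stable trees. An alternative to consider is returning `-EPROTO` directly from the `!conn_info` branch, provided nothing acquired before this point needs cleanup, which removes the dependency on initialisation order altogether.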