| Submitter | Herton Ronaldo Krzesinski |
|---|---|
| Date | Dec. 13, 2012, 4:45 a.m. |
| Message ID | <1355373938-2501-1-git-send-email-herton.krzesinski@canonical.com> |
| Download | mbox | patch |
| Permalink | /patch/205720/ |
| State | New |
| Headers | show |
Comments
Patch
diff --git a/drivers/nfc/pn533.c b/drivers/nfc/pn533.c index 19110f0..3811d60 100644 --- a/drivers/nfc/pn533.c +++ b/drivers/nfc/pn533.c @@ -1395,12 +1395,8 @@ static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target, rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame, dev->in_maxlen, pn533_in_dep_link_up_complete, cmd, GFP_KERNEL); - if (rc) - goto out; - - -out: - kfree(cmd); + if (rc < 0) + kfree(cmd); return rc; }
This is a note to let you know that I have just added a patch titled NFC: pn533: Fix use after free to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.5.y.z tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Herton ------ From b573f5e2bef1ee4c5c41c8dbf6a5bf8ffd79d1c6 Mon Sep 17 00:00:00 2001 From: Szymon Janc <szymon.janc@tieto.com> Date: Mon, 29 Oct 2012 14:04:43 +0100 Subject: [PATCH 01/20] NFC: pn533: Fix use after free commit 770f750bc2b8312489c8e45306f551d08a319d3c upstream. cmd was freed in pn533_dep_link_up regardless of pn533_send_cmd_frame_async return code. Cmd is passed as argument to pn533_in_dep_link_up_complete callback and should be freed there. Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com> --- drivers/nfc/pn533.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) -- 1.7.9.5