nfc: fix potential illegal memory access [Linux 4.9.187]

This Linux kernel change, "nfc: fix potential illegal memory access", is included in the Linux 4.9.187 release. It was authored by Yang Wei <albin_yang [at] 163.com> on Mon Jul 8 22:57:39 2019 +0800. The commit for this change in the Linux stable tree is 1f23210, which is from upstream commit dd006fc. The same upstream change may have been applied to other maintained Linux releases.

nfc: fix potential illegal memory access

[ Upstream commit dd006fc434e107ef90f7de0db9907cbc1c521645 ]

The frags_q is not properly initialized, it may result in illegal memory
access when conn_info is NULL.
The "goto free_exit" should be replaced by "goto exit".

Signed-off-by: Yang Wei <albin_yang@163.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

This change adds/deletes 2 lines of Linux source code. The code changes to the Linux kernel are as follows.

 net/nfc/nci/data.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/nfc/nci/data.c b/net/nfc/nci/data.c
index dbd2425..d203837 100644
--- a/net/nfc/nci/data.c
+++ b/net/nfc/nci/data.c
@@ -119,7 +119,7 @@ static int nci_queue_tx_data_frags(struct nci_dev *ndev,
    conn_info = nci_get_conn_info_by_conn_id(ndev, conn_id);
    if (!conn_info) {
        rc = -EPROTO;
-       goto free_exit;
+       goto exit;
    }

    __skb_queue_head_init(&frags_q);
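
Review bot: In the `if (!conn_info)` branch the jump is taken before `__skb_queue_head_init(&frags_q)` has run, so the safety of this path depends entirely on which label is chosen; changing the target to `exit` fixes this one branch but leaves the same trap for any early-return check later added above the init. Consider moving `__skb_queue_head_init(&frags_q);` ahead of the `nci_get_conn_info_by_conn_id()` lookup so that `frags_q` is a valid empty list on every path and either label is safe to use. The commit message would also benefit from a `Fixes:` tag naming the change that introduced the early `goto free_exit`, so stable maintainers can tell which trees need this backport.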
