Commit dd006fc4 authored by Yang Wei's avatar Yang Wei Committed by David S. Miller

nfc: fix potential illegal memory access

The frags_q is not properly initialized, it may result in illegal memory
access when conn_info is NULL.
The "goto free_exit" should be replaced by "goto exit".
Signed-off-by: default avatarYang Wei <albin_yang@163.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 4993e5b3
...@@ -107,7 +107,7 @@ static int nci_queue_tx_data_frags(struct nci_dev *ndev, ...@@ -107,7 +107,7 @@ static int nci_queue_tx_data_frags(struct nci_dev *ndev,
conn_info = nci_get_conn_info_by_conn_id(ndev, conn_id); conn_info = nci_get_conn_info_by_conn_id(ndev, conn_id);
if (!conn_info) { if (!conn_info) {
rc = -EPROTO; rc = -EPROTO;
goto free_exit; goto exit;
} }
__skb_queue_head_init(&frags_q); __skb_queue_head_init(&frags_q);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment