[PATCH 4.9 138/223] nfc: fix potential illegal memory access

From: Greg Kroah-Hartman
Date: Fri Aug 02 2019 - 05:46:52 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.9 147/223] tcp: Reset bytes_acked and bytes_received when disconnecting"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 137/223] net: openvswitch: fix csum updates for MPLS actions"
In reply to: Greg Kroah-Hartman: "[PATCH 4.9 137/223] net: openvswitch: fix csum updates for MPLS actions"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.9 147/223] tcp: Reset bytes_acked and bytes_received when disconnecting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Yang Wei <albin_yang@xxxxxxx>

[ Upstream commit dd006fc434e107ef90f7de0db9907cbc1c521645 ]

The frags_q is not properly initialized, it may result in illegal memory
access when conn_info is NULL.
The "goto free_exit" should be replaced by "goto exit".

Signed-off-by: Yang Wei <albin_yang@xxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/nfc/nci/data.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/nfc/nci/data.c
+++ b/net/nfc/nci/data.c
@@ -119,7 +119,7 @@ static int nci_queue_tx_data_frags(struc
conn_info = nci_get_conn_info_by_conn_id(ndev, conn_id);
if (!conn_info) {
rc = -EPROTO;
- goto free_exit;
+ goto exit;
}

__skb_queue_head_init(&frags_q);

Next message: Greg Kroah-Hartman: "[PATCH 4.9 147/223] tcp: Reset bytes_acked and bytes_received when disconnecting"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 137/223] net: openvswitch: fix csum updates for MPLS actions"
In reply to: Greg Kroah-Hartman: "[PATCH 4.9 137/223] net: openvswitch: fix csum updates for MPLS actions"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.9 147/223] tcp: Reset bytes_acked and bytes_received when disconnecting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]