mei: nfc: fix memory leak in error path

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

NFC will leak buffer if send failed.
Use single exit point that does the freeing

Cc: stable@vger.kernel.org #3.10+
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Alexander Usyskin and committed by

Greg Kroah-Hartman 11 years ago 8e8248b1 73ab4232

+5 -6

1 changed file

expand all

drivers

misc

mei

nfc.c

+5 -6

drivers/misc/mei/nfc.c

··· 342 342 ndev = (struct mei_nfc_dev *) cldev->priv_data; 343 343 dev = ndev->cl->dev; 344 344 345 + err = -ENOMEM; 345 346 mei_buf = kzalloc(length + MEI_NFC_HEADER_SIZE, GFP_KERNEL); 346 347 if (!mei_buf) 347 - return -ENOMEM; 348 + goto out; 348 349 349 350 hdr = (struct mei_nfc_hci_hdr *) mei_buf; 350 351 hdr->cmd = MEI_NFC_CMD_HCI_SEND; ··· 355 354 hdr->data_size = length; 356 355 357 356 memcpy(mei_buf + MEI_NFC_HEADER_SIZE, buf, length); 358 - 359 357 err = __mei_cl_send(ndev->cl, mei_buf, length + MEI_NFC_HEADER_SIZE); 360 358 if (err < 0) 361 - return err; 362 - 363 - kfree(mei_buf); 359 + goto out; 364 360 365 361 if (!wait_event_interruptible_timeout(ndev->send_wq, 366 362 ndev->recv_req_id == ndev->req_id, HZ)) { ··· 366 368 } else { 367 369 ndev->req_id++; 368 370 } 369 - 371 + out: 372 + kfree(mei_buf); 370 373 return err; 371 374 } 372 375