Search Linux Wireless

[PATCH] nfc: fix potential illegal memory access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The frags_q is used before __skb_queue_head_init when conn_info is
NULL. It may result in illegal memory access.

Signed-off-by: Yang Wei <yang.wei9@xxxxxxxxxx>
---
 net/nfc/nci/data.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/nfc/nci/data.c b/net/nfc/nci/data.c
index 908f25e..8948341 100644
--- a/net/nfc/nci/data.c
+++ b/net/nfc/nci/data.c
@@ -116,14 +116,14 @@ static int nci_queue_tx_data_frags(struct nci_dev *ndev,
 
 	pr_debug("conn_id 0x%x, total_len %d\n", conn_id, total_len);
 
+	__skb_queue_head_init(&frags_q);
+
 	conn_info = nci_get_conn_info_by_conn_id(ndev, conn_id);
 	if (!conn_info) {
 		rc = -EPROTO;
 		goto free_exit;
 	}
 
-	__skb_queue_head_init(&frags_q);
-
 	while (total_len) {
 		frag_len =
 			min_t(int, total_len, conn_info->max_pkt_payload_len);
-- 
2.7.4
[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux