From: Pan Bian <bianpan2016@163.com>
To: Samuel Ortiz <sameo@linux.intel.com>,
	"David S. Miller" <davem@davemloft.net>
Cc: linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org, Pan Bian <bianpan2016@163.com>
Subject: [PATCH] NFC: netlink: remove unexpected nfc_put_device
Date: Tue, 27 Nov 2018 15:54:35 +0800
Message-ID: <1543305275-23051-1-git-send-email-bianpan2016@163.com>

The functions nfc_genl_llc_set_params and nfc_genl_llc_sdreq drop the
reference to dev via nfc_put_device on the error branch where no local
device is found. However, the error handling block reads dev's field and
then puts dev again. This may result in use-after-free bugs. The patch
removes the unexpected call to nfc_put_device.

Signed-off-by: Pan Bian <bianpan2016@163.com>
---
 net/nfc/netlink.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index 376181c..e1f2057 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -1107,7 +1107,6 @@ static int nfc_genl_llc_set_params(struct sk_buff *skb, struct genl_info *info)
 
 	local = nfc_llcp_find_local(dev);
 	if (!local) {
-		nfc_put_device(dev);
 		rc = -ENODEV;
 		goto exit;
 	}
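Review bot: in the `if (!local)` branch of nfc_genl_llc_set_params, the remaining `goto exit` now depends on the exit path being the single place where dev is released, but the exit label lies outside the context shown, so the diff alone does not let a reader confirm that the reference count ends up balanced. Please spell out in the commit message what the exit block does with dev (the description only says it reads a field of dev and then puts it), so the double put and the resulting use-after-free window can be verified without opening the file.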
@@ -1167,7 +1166,6 @@ static int nfc_genl_llc_sdreq(struct sk_buff *skb, struct genl_info *info)
 
 	local = nfc_llcp_find_local(dev);
 	if (!local) {
-		nfc_put_device(dev);
 		rc = -ENODEV;
 		goto exit;
 	}
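Review bot: the same removal in the `if (!local)` branch of nfc_genl_llc_sdreq corrects a reference-count imbalance that the description says may lead to use-after-free, yet the message carries no Fixes: tag naming the commit that introduced the extra nfc_put_device. Adding one (and a stable Cc if the affected code is in released kernels) would let backporters pick this up. It is also worth confirming that no other `!local` branch in net/nfc/netlink.c follows the same put-then-`goto exit` pattern.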
-- 
2.7.4


