xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge tag 'nfc-fixes-3.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-3.0

Browse Source 
This is an NFC LLCP fix for 3.7 and contains only one patch.

It fixes a potential crash when receiving an LLCP HDLC frame acking a frame
that is not the last sent one. In that case we may dereference an already
freed pointer.
This commit is contained in:
John W. Linville
2012-12-06 14:55:57 -05:00
parent 795e936421 289814918c
commit 55cb0797fa
3 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
net/nfc/llcp/llcp.c
View File

@@ -985,15 +985,18 @@ static void nfc_llcp_recv_hdlc(struct nfc_llcp_local *local,
/* Remove skbs from the pending queue */
if (llcp_sock->send_ack_n != nr) {
struct sk_buff *s, *tmp;
u8 n;
llcp_sock->send_ack_n = nr;
/* Remove and free all skbs until ns == nr */
skb_queue_walk_safe(&llcp_sock->tx_pending_queue, s, tmp) {
n = nfc_llcp_ns(s);
skb_unlink(s, &llcp_sock->tx_pending_queue);
kfree_skb(s);
if (nfc_llcp_ns(s) == nr)
if (n == nr)
break;
}