stable inclusion from stable-v4.19.213 commit 071bdef36391958c89af5fa2172f691b31baa212 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9RBH0 CVE: CVE-2021-47442
--------------------------------
commit 291c932fc3692e4d211a445ba8aa35663831bac7 upstream.
'skb' is allocated in digital_in_send_sdd_req(), but not free when digital_in_send_cmd() failed, which will cause memory leak. Fix it by freeing 'skb' if digital_in_send_cmd() return failed.
Fixes: 2c66daecc409 ("NFC Digital: Add NFC-A technology support") Signed-off-by: Ziyang Xuan william.xuanziyang@huawei.com Reviewed-by: Krzysztof Kozlowski krzysztof.kozlowski@canonical.com Signed-off-by: Jakub Kicinski kuba@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Ziyang Xuan william.xuanziyang@huawei.com --- net/nfc/digital_technology.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/nfc/digital_technology.c b/net/nfc/digital_technology.c index 2021d1d58a75..c092b02fde8a 100644 --- a/net/nfc/digital_technology.c +++ b/net/nfc/digital_technology.c @@ -474,8 +474,12 @@ static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev, skb_put_u8(skb, sel_cmd); skb_put_u8(skb, DIGITAL_SDD_REQ_SEL_PAR);
- return digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sdd_res, - target); + rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sdd_res, + target); + if (rc) + kfree_skb(skb); + + return rc; }
static void digital_in_recv_sens_res(struct nfc_digital_dev *ddev, void *arg,