NFC: pn533: fix use-after-free and memleaks

commit 6af3aa57a0984e061f61308fe181a9a12359fecc upstream. The driver would fail to deregister and its class device and free related resources on late probe errors. Reported-by: syzbot+cb035c75c03dbe34b796@syzkaller.appspotmail.com Fixes: 32ecc75d ("NFC: pn533: change order operations in dev registation") Signed-off-by: N Johan Hovold <johan@kernel.org> Signed-off-by: N Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>

NFC: pn533: fix use-after-free and memleaks
commit 6af3aa57a0984e061f61308fe181a9a12359fecc upstream. The driver would fail to deregister and its class device and free related resources on late probe errors. Reported-by: syzbot+cb035c75c03dbe34b796@syzkaller.appspotmail.com Fixes: 32ecc75d ("NFC: pn533: change order operations in dev registation") Signed-off-by: N Johan Hovold <johan@kernel.org> Signed-off-by: N Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>
24aaf7f4 · Johan Hovold · Greg Kroah-Hartman · 8d9c4a9b · 24aaf7f4
隐藏空白更改
内联并排

Showing with 8 addition and 1 deletion

drivers/nfc/pn533/usb.c drivers/nfc/pn533/usb.c +8 -1

未找到文件。
--- a/drivers/nfc/pn533/usb.c
+++ b/drivers/nfc/pn533/usb.c
@@ -559,18 +559,25 @@ static int pn533_usb_probe(struct usb_interface *interface,

 	rc = pn533_finalize_setup(priv);
 	if (rc)
-		goto error;
+		goto err_deregister;

 	usb_set_intfdata(interface, phy);

 	return 0;

+err_deregister:
+	pn533_unregister_device(phy->priv);
 error:
+	usb_kill_urb(phy->in_urb);
+	usb_kill_urb(phy->out_urb);
+	usb_kill_urb(phy->ack_urb);
+
 	usb_free_urb(phy->in_urb);
 	usb_free_urb(phy->out_urb);
 	usb_free_urb(phy->ack_urb);
 	usb_put_dev(phy->udev);
 	kfree(in_buf);
+	kfree(phy->ack_buffer);

 	return rc;
 }