Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
phyus
/
linux-vybrid_public
8
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Ver Fonte

isdn: gigaset: use after free

I moved the kfree(cb) below the dereferences.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Carpenter há 15 anos atrás
pai
7e27a0aeb9
commit
8bcfbd0af0
1 ficheiros alterados com 4 adições e 2 exclusões
Visão Unificada Mostrar Estatísticas Diff
  1. 4 2
      drivers/isdn/gigaset/bas-gigaset.c

+ 4 - 2
drivers/isdn/gigaset/bas-gigaset.c
Ver Ficheiro 

@@ -1914,11 +1914,13 @@ static int gigaset_write_cmd(struct cardstate *cs, struct cmdbuf_t *cb)
 
 	 * The next command will reopen the AT channel automatically.
 
 	 * The next command will reopen the AT channel automatically.
 
 	 */
 
 	 */
 
 	if (cb->len == 3 && !memcmp(cb->buf, "+++", 3)) {
 
 	if (cb->len == 3 && !memcmp(cb->buf, "+++", 3)) {
 
-		kfree(cb);
 
 		rc = req_submit(cs->bcs, HD_CLOSE_ATCHANNEL, 0, BAS_TIMEOUT);
 
 		rc = req_submit(cs->bcs, HD_CLOSE_ATCHANNEL, 0, BAS_TIMEOUT);
 
 		if (cb->wake_tasklet)
 
 		if (cb->wake_tasklet)
 
 			tasklet_schedule(cb->wake_tasklet);
 
 			tasklet_schedule(cb->wake_tasklet);
 
-		return rc < 0 ? rc : cb->len;
 
+		if (!rc)
 
+			rc = cb->len;
 
+		kfree(cb);
 
+		return rc;
 
 	}
 
 	}
 
 
 
 	spin_lock_irqsave(&cs->cmdlock, flags);
 
 	spin_lock_irqsave(&cs->cmdlock, flags);