diff options
| author | Lars Poeschel <poeschel@lemonage.de> | 2013-08-27 14:25:25 +0200 |
|---|---|---|
| committer | Samuel Ortiz <sameo@linux.intel.com> | 2013-08-27 15:52:12 +0200 |
| commit | 6f6d9a31b419aac006b4a617926624f636a0eb2f (patch) | |
| tree | e15dcd434fb2c53b3f58ff460f7dd2b42294c7ec | |
| parent | 88ecb64b931d87ea15bf33220f9728b8b976008c (diff) | |
| download | neard-6f6d9a31b419aac006b4a617926624f636a0eb2f.tar.gz neard-6f6d9a31b419aac006b4a617926624f636a0eb2f.tar.bz2 neard-6f6d9a31b419aac006b4a617926624f636a0eb2f.zip | |
nfctype4: Fix a memory leak in t4_readbin_cc
In t4_readbin_cc memory is allocated and response data is
copied into it just do read access on different fields of
this memory. The allocated memory was never freed.
This patch replaces the allocation and copy by just casting
the response data to a pointer thus eleminating the memory
leak.
| -rw-r--r-- | plugins/nfctype4.c | 12 |
1 files changed, 1 insertions, 11 deletions
diff --git a/plugins/nfctype4.c b/plugins/nfctype4.c index 5596c84..4c599a7 100644 --- a/plugins/nfctype4.c +++ b/plugins/nfctype4.c @@ -421,7 +421,7 @@ static int t4_select_NDEF_ID(uint8_t *resp, int length, void *data) static int t4_readbin_cc(uint8_t *resp, int length, void *data) { struct t4_cookie *cookie = data; - struct type4_cc *read_cc; + struct type4_cc *read_cc = (struct type4_cc *)&resp[1]; DBG("%d", length); @@ -435,16 +435,6 @@ static int t4_readbin_cc(uint8_t *resp, int length, void *data) return t4_cookie_release(-EIO, cookie); } - /* -2 for status word and -1 is for NFC first byte... */ - read_cc = g_try_malloc0(length - 2 - NFC_STATUS_BYTE_LEN); - if (!read_cc) { - DBG("Mem alloc failed"); - - return t4_cookie_release(-ENOMEM, cookie); - } - - memcpy(read_cc, &resp[1], length - 2 - NFC_STATUS_BYTE_LEN) ; - cookie->r_apdu_max_size = g_ntohs(read_cc->max_R_apdu_data_size) - APDU_HEADER_LEN; cookie->c_apdu_max_size = g_ntohs(read_cc->max_C_apdu_data_size); |