summaryrefslogtreecommitdiff
path: root/plugins
diff options
context:
space:
mode:
authorLars Poeschel <poeschel@lemonage.de>2013-08-27 14:25:25 +0200
committerSamuel Ortiz <sameo@linux.intel.com>2013-08-27 15:52:12 +0200
commit6f6d9a31b419aac006b4a617926624f636a0eb2f (patch)
treee15dcd434fb2c53b3f58ff460f7dd2b42294c7ec /plugins
parent88ecb64b931d87ea15bf33220f9728b8b976008c (diff)
downloadneard-6f6d9a31b419aac006b4a617926624f636a0eb2f.tar.gz
neard-6f6d9a31b419aac006b4a617926624f636a0eb2f.tar.bz2
neard-6f6d9a31b419aac006b4a617926624f636a0eb2f.zip
nfctype4: Fix a memory leak in t4_readbin_cc
In t4_readbin_cc memory is allocated and response data is copied into it just do read access on different fields of this memory. The allocated memory was never freed. This patch replaces the allocation and copy by just casting the response data to a pointer thus eleminating the memory leak.
Diffstat (limited to 'plugins')
-rw-r--r--plugins/nfctype4.c12
1 files changed, 1 insertions, 11 deletions
diff --git a/plugins/nfctype4.c b/plugins/nfctype4.c
index 5596c84..4c599a7 100644
--- a/plugins/nfctype4.c
+++ b/plugins/nfctype4.c
@@ -421,7 +421,7 @@ static int t4_select_NDEF_ID(uint8_t *resp, int length, void *data)
static int t4_readbin_cc(uint8_t *resp, int length, void *data)
{
struct t4_cookie *cookie = data;
- struct type4_cc *read_cc;
+ struct type4_cc *read_cc = (struct type4_cc *)&resp[1];
DBG("%d", length);
@@ -435,16 +435,6 @@ static int t4_readbin_cc(uint8_t *resp, int length, void *data)
return t4_cookie_release(-EIO, cookie);
}
- /* -2 for status word and -1 is for NFC first byte... */
- read_cc = g_try_malloc0(length - 2 - NFC_STATUS_BYTE_LEN);
- if (!read_cc) {
- DBG("Mem alloc failed");
-
- return t4_cookie_release(-ENOMEM, cookie);
- }
-
- memcpy(read_cc, &resp[1], length - 2 - NFC_STATUS_BYTE_LEN) ;
-
cookie->r_apdu_max_size = g_ntohs(read_cc->max_R_apdu_data_size) -
APDU_HEADER_LEN;
cookie->c_apdu_max_size = g_ntohs(read_cc->max_C_apdu_data_size);