From 6f6d9a31b419aac006b4a617926624f636a0eb2f Mon Sep 17 00:00:00 2001
From: Lars Poeschel
Date: Tue, 27 Aug 2013 14:25:25 +0200
Subject: nfctype4: Fix a memory leak in t4_readbin_cc

In t4_readbin_cc memory is allocated and response data is copied into it just do read access on different fields of this memory. The allocated memory was never freed. This patch replaces the allocation and copy by just casting the response data to a pointer thus eleminating the memory leak.
---
 plugins/nfctype4.c | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)
(limited to 'plugins')

diff --git a/plugins/nfctype4.c b/plugins/nfctype4.c
index 5596c84..4c599a7 100644
--- a/plugins/nfctype4.c
+++ b/plugins/nfctype4.c
@@ -421,7 +421,7 @@ static int t4_select_NDEF_ID(uint8_t *resp, int length, void *data)
 static int t4_readbin_cc(uint8_t *resp, int length, void *data)
 {
 struct t4_cookie *cookie = data;
- struct type4_cc *read_cc;
+ struct type4_cc *read_cc = (struct type4_cc *)&resp[1];

 DBG("%d", length);

@@ -435,16 +435,6 @@ static int t4_readbin_cc(uint8_t *resp, int length, void *data)
 return t4_cookie_release(-EIO, cookie);
 }

- /* -2 for status word and -1 is for NFC first byte... */
- read_cc = g_try_malloc0(length - 2 - NFC_STATUS_BYTE_LEN);
- if (!read_cc) {
- DBG("Mem alloc failed");
-
- return t4_cookie_release(-ENOMEM, cookie);
- }
-
- memcpy(read_cc, &resp[1], length - 2 - NFC_STATUS_BYTE_LEN) ;
-
 cookie->r_apdu_max_size = g_ntohs(read_cc->max_R_apdu_data_size) -
 APDU_HEADER_LEN;
 cookie->c_apdu_max_size = g_ntohs(read_cc->max_C_apdu_data_size);
--
cgit v1.2.3
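Review bot: The cast added in the first hunk makes `read_cc` point straight into `resp`, and nothing visible checks that `length` covers a whole `struct type4_cc` before `max_R_apdu_data_size` and `max_C_apdu_data_size` are read after the second hunk. The response is presumably supplied by the tag, so a short reply would be read past the end of the buffer; a guard such as `if (length < (int)(NFC_STATUS_BYTE_LEN + sizeof(struct type4_cc) + 2)) return t4_cookie_release(-EIO, cookie);` before the first field access would bound it. The lines between the two hunks are not shown, so confirm that no equivalent check already exists there. `&resp[1]` is also an odd offset, so the 16-bit field reads now depend on `struct type4_cc` being declared packed, which is worth stating in a comment on the cast, for example `/* type4_cc must be packed: resp + 1 is not 2-byte aligned */`. The body of `t4_readbin_cc` continues past the end of the second hunk.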