From patchwork Fri Aug 6 08:21:26 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 61073 X-Patchwork-Delegate: davem@davemloft.net
Date: Fri, 6 Aug 2010 10:21:26 +0200 From: Dan Carpenter To: Hansjoerg Lipp Cc: Tilman Schmidt , Karsten Keil , "David S. Miller" , Tejun Heo , Joe Perches , gigaset307x-common@lists.sourceforge.net, netdev@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [patch] isdn: gigaset: use after free Message-ID: <20100806082126.GT9031@bicker> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.18 (2008-05-17) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org I moved the kfree(cb) below the dereferences. Signed-off-by: Dan Carpenter Acked-by: Tilman Schmidt --- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/isdn/gigaset/bas-gigaset.c b/drivers/isdn/gigaset/bas-gigaset.c index 0ded364..707d9c9 100644 --- a/drivers/isdn/gigaset/bas-gigaset.c +++ b/drivers/isdn/gigaset/bas-gigaset.c @@ -1914,11 +1914,13 @@ static int gigaset_write_cmd(struct cardstate *cs, struct cmdbuf_t *cb) * The next command will reopen the AT channel automatically. */ if (cb->len == 3 && !memcmp(cb->buf, "+++", 3)) { - kfree(cb); rc = req_submit(cs->bcs, HD_CLOSE_ATCHANNEL, 0, BAS_TIMEOUT); if (cb->wake_tasklet) tasklet_schedule(cb->wake_tasklet); - return rc < 0 ? rc : cb->len; + if (!rc) + rc = cb->len; + kfree(cb); + return rc; } spin_lock_irqsave(&cs->cmdlock, flags);
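
Review bot: the new return path at the end of the "+++" branch in gigaset_write_cmd() is not equivalent to the line it replaces, and the changelog only mentions moving the kfree(). The old code returned `rc < 0 ? rc : cb->len`, so any non-negative result from req_submit() was reported as cb->len bytes written; the new `if (!rc) rc = cb->len;` only does that when rc is exactly 0, so a positive rc would now be returned to the caller as the write length. If req_submit() can only return 0 or a negative error, say so in the commit message; otherwise keep the original semantics with `if (rc >= 0) rc = cb->len;` before the kfree(cb). Moving kfree(cb) after the reads of cb->wake_tasklet and cb->len does close the use after free in this branch, and it would help to name those two dereferences in the changelog so the fix is easy to audit.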