You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mynewt.apache.org by cc...@apache.org on 2017/02/01 19:14:41 UTC

[2/5] incubator-mynewt-core git commit: nimble/l2cap: Fix possible NULL pointer dereference

nimble/l2cap: Fix possible NULL pointer dereference

os_mbuf_free expects valid pointer which could result in dereferencing
NULL pointer if ble_hs_mbuf_l2cap_pkt failed.


Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/1c491451
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/1c491451
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/1c491451

Branch: refs/heads/develop
Commit: 1c49145107cc8d320977f0ed7a155a2edd7ab5db
Parents: 98f2a20
Author: Szymon Janc <sz...@codecoup.pl>
Authored: Mon Jan 30 16:33:47 2017 +0100
Committer: Szymon Janc <sz...@codecoup.pl>
Committed: Mon Jan 30 16:33:47 2017 +0100

----------------------------------------------------------------------
 net/nimble/host/src/ble_l2cap_sig_cmd.c | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/1c491451/net/nimble/host/src/ble_l2cap_sig_cmd.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_l2cap_sig_cmd.c b/net/nimble/host/src/ble_l2cap_sig_cmd.c
index b8ab12b..7458210 100644
--- a/net/nimble/host/src/ble_l2cap_sig_cmd.c
+++ b/net/nimble/host/src/ble_l2cap_sig_cmd.c
@@ -27,21 +27,19 @@ ble_l2cap_sig_init_cmd(uint8_t op, uint8_t id, uint8_t payload_len,
     struct ble_l2cap_sig_hdr hdr;
     struct os_mbuf *txom;
     void *v;
-    int rc;
 
     *out_om = NULL;
     *out_payload_buf = NULL;
 
     txom = ble_hs_mbuf_l2cap_pkt();
     if (txom == NULL) {
-        rc = BLE_HS_ENOMEM;
-        goto err;
+        return BLE_HS_ENOMEM;
     }
 
     v = os_mbuf_extend(txom, BLE_L2CAP_SIG_HDR_SZ + payload_len);
     if (v == NULL) {
-        rc = BLE_HS_ENOMEM;
-        goto err;
+        os_mbuf_free(txom);
+        return BLE_HS_ENOMEM;
     }
 
     hdr.op = op;
@@ -54,10 +52,6 @@ ble_l2cap_sig_init_cmd(uint8_t op, uint8_t id, uint8_t payload_len,
     *out_payload_buf = (uint8_t *)v + BLE_L2CAP_SIG_HDR_SZ;
 
     return 0;
-
-err:
-    os_mbuf_free(txom);
-    return rc;
 }
 
 static int