net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails

[linux-2.6-microblaze.git] / net / nfc / llcp_core.c

diff --git a/net/nfc/llcp_core.c b/net/nfc/llcp_core.c
index ef4026a..4fa0152 100644 (file)
--- a/net/nfc/llcp_core.c
+++ b/net/nfc/llcp_core.c
@@ -532,10 +532,10 @@ static u8 nfc_llcp_reserve_sdp_ssap(struct nfc_llcp_local *local)
 
 static int nfc_llcp_build_gb(struct nfc_llcp_local *local)
 {
-       u8 *gb_cur, *version_tlv, version, version_length;
-       u8 *lto_tlv, lto_length;
-       u8 *wks_tlv, wks_length;
-       u8 *miux_tlv, miux_length;
+       u8 *gb_cur, version, version_length;
+       u8 lto_length, wks_length, miux_length;
+       u8 *version_tlv = NULL, *lto_tlv = NULL,
+          *wks_tlv = NULL, *miux_tlv = NULL;
        __be16 wks = cpu_to_be16(local->local_wks);
        u8 gb_len = 0;
        int ret = 0;
@@ -543,17 +543,33 @@ static int nfc_llcp_build_gb(struct nfc_llcp_local *local)
        version = LLCP_VERSION_11;
        version_tlv = nfc_llcp_build_tlv(LLCP_TLV_VERSION, &version,
                                         1, &version_length);
+       if (!version_tlv) {
+               ret = -ENOMEM;
+               goto out;
+       }
        gb_len += version_length;
 
        lto_tlv = nfc_llcp_build_tlv(LLCP_TLV_LTO, &local->lto, 1, &lto_length);
+       if (!lto_tlv) {
+               ret = -ENOMEM;
+               goto out;
+       }
        gb_len += lto_length;
 
        pr_debug("Local wks 0x%lx\n", local->local_wks);
        wks_tlv = nfc_llcp_build_tlv(LLCP_TLV_WKS, (u8 *)&wks, 2, &wks_length);
+       if (!wks_tlv) {
+               ret = -ENOMEM;
+               goto out;
+       }
        gb_len += wks_length;
 
        miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&local->miux, 0,
                                      &miux_length);
+       if (!miux_tlv) {
+               ret = -ENOMEM;
+               goto out;
+       }
        gb_len += miux_length;
 
        gb_len += ARRAY_SIZE(llcp_magic);