greybus: es2: fix use-after-free at disconnect

author Johan Hovold <johan@hovoldconsulting.com>

Wed, 4 Nov 2015 17:55:12 +0000 (18:55 +0100)

committer Greg Kroah-Hartman <gregkh@google.com>

Thu, 5 Nov 2015 04:35:18 +0000 (20:35 -0800)
author Johan Hovold <johan@hovoldconsulting.com>
Wed, 4 Nov 2015 17:55:12 +0000 (18:55 +0100)
committer Greg Kroah-Hartman <gregkh@google.com>
Thu, 5 Nov 2015 04:35:18 +0000 (20:35 -0800)
diff --git a/drivers/staging/greybus/es2.c b/drivers/staging/greybus/es2.c

index 1e786a6..ebf41f7 100644 (file)
--- a/drivers/staging/greybus/es2.c
+++ b/drivers/staging/greybus/es2.c
@@ -510,6 +510,7 @@ static void ap_disconnect(struct usb_interface *interface)
  {
         struct es2_ap_dev *es2;
         struct usb_device *udev;
+       int *cport_to_ep;
         int bulk_in;
         int i;
  
@@ -548,9 +549,10 @@ static void ap_disconnect(struct usb_interface *interface)
  
         usb_set_intfdata(interface, NULL);
         udev = es2->usb_dev;
+       cport_to_ep = es2->cport_to_ep;
         gb_hd_remove(es2->hd);
-       kfree(es2->cport_to_ep);
  
+       kfree(cport_to_ep);
         usb_put_dev(udev);
  }
author	Johan Hovold <johan@hovoldconsulting.com>
	Wed, 4 Nov 2015 17:55:12 +0000 (18:55 +0100)
committer	Greg Kroah-Hartman <gregkh@google.com>
	Thu, 5 Nov 2015 04:35:18 +0000 (20:35 -0800)