f_rockusb: Avoid use-after-free in the global pointer variable

In case of usb_add_function() failure the error path has two issues:
 - the potentially allocated structure isn't getting freed
 - the global pointer variable is assigned to garbage

Fix the above mentioned issues by freeing memory and assigning NULL.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

diff --git a/drivers/usb/gadget/f_rockusb.c b/drivers/usb/gadget/f_rockusb.c
index 9dd10f9..bd846ce 100644 (file)
--- a/drivers/usb/gadget/f_rockusb.c
+++ b/drivers/usb/gadget/f_rockusb.c
@@ -309,8 +309,9 @@ static int rockusb_add(struct usb_configuration *c)
 
        status = usb_add_function(c, &f_rkusb->usb_function);
        if (status) {
+               free(f_rkusb->buf_head);
                free(f_rkusb);
-               rockusb_func = f_rkusb;
+               rockusb_func = NULL;
        }
        return status;
 }