ccid: Fix msgb_free() of messages received on OUT after processing
Change-Id: I3f41d50ba508b90f5b01612974f31ca387acbfbc
diff --git a/ccid/ccid_device.c b/ccid/ccid_device.c
index f91abb8..87d99ce 100644
--- a/ccid/ccid_device.c
+++ b/ccid/ccid_device.c
@@ -736,12 +736,18 @@
LOGP(DCCID, LOGL_NOTICE, "Unknown CCID Message received: 0x%02x\n", ch->bMessageType);
resp = gen_err_resp(ch->bMessageType, ch->bSlot, CCID_ICC_STATUS_NO_ICC, ch->bSeq,
CCID_ERR_CMD_NOT_SUPPORTED);
+ msgb_free(msg);
return ccid_slot_send_unbusy(cs, resp);
}
+ /* the various ccid_handle_* functions can return '1' to tell us that they took ownership
+ * of the msgb */
+ if (rc != 1)
+ msgb_free(msg);
return 0;
short_msg:
LOGP(DCCID, LOGL_ERROR, "Short CCID message received: %s; ignoring\n", msgb_hexdump(msg));
+ msgb_free(msg);
return -1;
}