From: Maurizio Lombardi <mlombard@redhat.com>
Date: Tue, 7 Nov 2023 14:51:55 +0000 (+0100)
Subject: libnvme: fix a memory leak when calling read_ssns()
X-Git-Tag: v1.7~29
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=eb857fbf9baaa01d552a7ceeb363183dba3101b7;p=users%2Fsagi%2Flibnvme.git

libnvme: fix a memory leak when calling read_ssns()

If the check fails, the verify() macro executes "return -EINVAL"
without freeing the allocated memory.

Fix the bug by moving verify() before the point where we call calloc().

Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
---

diff --git a/src/nvme/nbft.c b/src/nvme/nbft.c
index fa61154e..2c870880 100644
--- a/src/nvme/nbft.c
+++ b/src/nvme/nbft.c
@@ -197,15 +197,15 @@ static int read_ssns(struct nbft_info *nbft,
 	verify(raw_ssns->structure_id == NBFT_DESC_SSNS,
 	       "invalid ID in SSNS descriptor");
 
+	/* verify transport type */
+	verify(raw_ssns->trtype == NBFT_TRTYPE_TCP,
+	       "invalid transport type in SSNS descriptor");
+
 	ssns = calloc(1, sizeof(*ssns));
 	if (!ssns)
 		return -ENOMEM;
 
 	ssns->index = le16_to_cpu(raw_ssns->index);
-
-	/* transport type */
-	verify(raw_ssns->trtype == NBFT_TRTYPE_TCP,
-	       "invalid transport type in SSNS descriptor");
 	strncpy(ssns->transport, trtype_to_string(raw_ssns->trtype), sizeof(ssns->transport));
 
 	/* transport specific flags */