From eb857fbf9baaa01d552a7ceeb363183dba3101b7 Mon Sep 17 00:00:00 2001
From: Maurizio Lombardi <mlombard@redhat.com>
Date: Tue, 7 Nov 2023 15:51:55 +0100
Subject: [PATCH] libnvme: fix a memory leak when calling read_ssns()

If the check fails, the verify() macro executes "return -EINVAL"
without freeing the allocated memory.

Fix the bug by moving verify() before the point where we call calloc().

Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
---
 src/nvme/nbft.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/nvme/nbft.c b/src/nvme/nbft.c
index fa61154e..2c870880 100644
--- a/src/nvme/nbft.c
+++ b/src/nvme/nbft.c
@@ -197,15 +197,15 @@ static int read_ssns(struct nbft_info *nbft,
 	verify(raw_ssns->structure_id == NBFT_DESC_SSNS,
 	       "invalid ID in SSNS descriptor");
 
+	/* verify transport type */
+	verify(raw_ssns->trtype == NBFT_TRTYPE_TCP,
+	       "invalid transport type in SSNS descriptor");
+
 	ssns = calloc(1, sizeof(*ssns));
 	if (!ssns)
 		return -ENOMEM;
 
 	ssns->index = le16_to_cpu(raw_ssns->index);
-
-	/* transport type */
-	verify(raw_ssns->trtype == NBFT_TRTYPE_TCP,
-	       "invalid transport type in SSNS descriptor");
 	strncpy(ssns->transport, trtype_to_string(raw_ssns->trtype), sizeof(ssns->transport));
 
 	/* transport specific flags */
-- 
2.50.1