staging: rtl8723au: fix potential leak in update_bcn_wps_ie()

Fix a potential leak in the error path of function update_bcn_wps_ie().
Move the affected input verification to the beginning of the function so
that it may return directly without leaking already allocated memory.
Detected by Coverity - CID 1077718.

Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/rtl8723au/core/rtw_ap.c b/drivers/staging/rtl8723au/core/rtw_ap.c
index 01c6aeda63c5598ad1e690a5bc4c208b9ca60fd3..da03196a3be228ae59136b8fada8e1f8f9022f47 100644 (file)
--- a/drivers/staging/rtl8723au/core/rtw_ap.c
+++ b/drivers/staging/rtl8723au/core/rtw_ap.c
@@ -1252,6 +1252,10 @@ static void update_bcn_wps_ie(struct rtw_adapter *padapter)
 
        DBG_8723A("%s\n", __func__);
 
+       pwps_ie_src = pmlmepriv->wps_beacon_ie;
+       if (pwps_ie_src == NULL)
+               return;
+
        pwps_ie = rtw_get_wps_ie23a(ie+_FIXED_IE_LENGTH_, ielen-_FIXED_IE_LENGTH_, NULL, &wps_ielen);
 
        if (pwps_ie == NULL || wps_ielen == 0)
@@ -1270,10 +1274,6 @@ static void update_bcn_wps_ie(struct rtw_adapter *padapter)
                               remainder_ielen);
        }
 
-       pwps_ie_src = pmlmepriv->wps_beacon_ie;
-       if (pwps_ie_src == NULL)
-               return;
-
        wps_ielen = (uint)pwps_ie_src[1];/* to get ie data len */
        if ((wps_offset+wps_ielen+2+remainder_ielen)<= MAX_IE_SZ)
        {