scsi: elx: efct: Fix memory leak in efct_hw_parse_filter()

strsep() modifies the address of the pointer passed to it so that it no
longer points to the original address. This means kfree() gets the wrong
pointer.

Fix this by passing unmodified pointer returned from kstrdup() to
kfree().

Found by Linux Verification Center (linuxtesting.org) with Svace.

Fixes: 4df84e846624 ("scsi: elx: efct: Driver initialization routines")
Signed-off-by: Vitaliy Shevtsov <v.shevtsov@mt-integration.ru>
Link: https://lore.kernel.org/r/20250612163616.24298-1-v.shevtsov@mt-integration.ru
Reviewed-by: Daniel Wagner <dwagner@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/elx/efct/efct_hw.c b/drivers/scsi/elx/efct/efct_hw.c
index 5a5525054d71c89a66cbd1de95d941a7311bcb5c..5b079b8b7a082b79d9736421e55ac364de6c3749 100644 (file)
--- a/drivers/scsi/elx/efct/efct_hw.c
+++ b/drivers/scsi/elx/efct/efct_hw.c
@@ -1120,7 +1120,7 @@ int
 efct_hw_parse_filter(struct efct_hw *hw, void *value)
 {
        int rc = 0;
-       char *p = NULL;
+       char *p = NULL, *pp = NULL;
        char *token;
        u32 idx = 0;
 
@@ -1132,6 +1132,7 @@ efct_hw_parse_filter(struct efct_hw *hw, void *value)
                efc_log_err(hw->os, "p is NULL\n");
                return -ENOMEM;
        }
+       pp = p;
 
        idx = 0;
        while ((token = strsep(&p, ",")) && *token) {
@@ -1144,7 +1145,7 @@ efct_hw_parse_filter(struct efct_hw *hw, void *value)
                if (idx == ARRAY_SIZE(hw->config.filter_def))
                        break;
        }
-       kfree(p);
+       kfree(pp);
 
        return rc;
 }