isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()

In hfcsusb_probe(), the memory allocated for ctrl_urb gets leaked when
setup_instance() fails with an error code. Fix that by freeing the urb
before freeing the hw structure. Also change the error paths to use the
goto ladder style.

Compile tested only. Issue found using a prototype static analysis tool.

Fixes: 69f52adb2d53 ("mISDN: Add HFC USB driver")
Signed-off-by: Abdun Nihaal <nihaal@cse.iitm.ac.in>
Link: https://patch.msgid.link/20251030042524.194812-1-nihaal@cse.iitm.ac.in
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c
index e54419a4e731f41572aed08ab65efe8fdf285f69..541a20cb58f16b8569776bf192a862c42f03d829 100644 (file)
--- a/drivers/isdn/hardware/mISDN/hfcsusb.c
+++ b/drivers/isdn/hardware/mISDN/hfcsusb.c
@@ -1904,13 +1904,13 @@ out:
        mISDN_freebchannel(&hw->bch[1]);
        mISDN_freebchannel(&hw->bch[0]);
        mISDN_freedchannel(&hw->dch);
-       kfree(hw);
        return err;
 }
 
 static int
 hfcsusb_probe(struct usb_interface *intf, const struct usb_device_id *id)
 {
+       int err;
        struct hfcsusb                  *hw;
        struct usb_device               *dev = interface_to_usbdev(intf);
        struct usb_host_interface       *iface = intf->cur_altsetting;
@@ -2101,20 +2101,28 @@ hfcsusb_probe(struct usb_interface *intf, const struct usb_device_id *id)
        if (!hw->ctrl_urb) {
                pr_warn("%s: No memory for control urb\n",
                        driver_info->vend_name);
-               kfree(hw);
-               return -ENOMEM;
+               err = -ENOMEM;
+               goto err_free_hw;
        }
 
        pr_info("%s: %s: detected \"%s\" (%s, if=%d alt=%d)\n",
                hw->name, __func__, driver_info->vend_name,
                conf_str[small_match], ifnum, alt_used);
 
-       if (setup_instance(hw, dev->dev.parent))
-               return -EIO;
+       if (setup_instance(hw, dev->dev.parent)) {
+               err = -EIO;
+               goto err_free_urb;
+       }
 
        hw->intf = intf;
        usb_set_intfdata(hw->intf, hw);
        return 0;
+
+err_free_urb:
+       usb_free_urb(hw->ctrl_urb);
+err_free_hw:
+       kfree(hw);
+       return err;
 }
 
 /* function called when an active device is removed */