mISDN: Fix memory leak in dsp_hwec_enable()

dsp_hwec_enable() allocates dup pointer by kstrdup(arg),
but then it updates dup variable by strsep(&dup, ",").
As a result when it calls kfree(dup), the dup variable may be
a modified pointer that no longer points to the original allocated
memory, causing a memory leak.

The issue is the same pattern as fixed in commit c6a502c22999
("mISDN: Fix memory leak in dsp_pipeline_build()").

Fixes: 9a4381618262 ("mISDN: Remove VLAs")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20250828081457.36061-1-linmq006@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/drivers/isdn/mISDN/dsp_hwec.c b/drivers/isdn/mISDN/dsp_hwec.c
index 0b3f29195330ac128e957a26c64ab019835f1bd5..0cd216e28f0090b9473da5f1075adc23ba03011e 100644 (file)
--- a/drivers/isdn/mISDN/dsp_hwec.c
+++ b/drivers/isdn/mISDN/dsp_hwec.c
@@ -51,14 +51,14 @@ void dsp_hwec_enable(struct dsp *dsp, const char *arg)
                goto _do;
 
        {
-               char *dup, *tok, *name, *val;
+               char *dup, *next, *tok, *name, *val;
                int tmp;
 
-               dup = kstrdup(arg, GFP_ATOMIC);
+               dup = next = kstrdup(arg, GFP_ATOMIC);
                if (!dup)
                        return;
 
-               while ((tok = strsep(&dup, ","))) {
+               while ((tok = strsep(&next, ","))) {
                        if (!strlen(tok))
                                continue;
                        name = strsep(&tok, "=");