wifi: cfg80211: Fix an error handling path in nl80211_start_ap()

All error handling paths go to "out", except this one. Before the
commit in Fixes, error in the previous code would also end to "out",
freeing the memory.

Move the code up to avoid the leak.

Fixes: 62262dd00c31 ("wifi: cfg80211: disallow SMPS in AP mode")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://patch.msgid.link/eae54ce066d541914f272b10cab7b263c08eced3.1729956868.git.christophe.jaillet@wanadoo.fr
[move code, update commit message]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index d281568b2e2e7733e15bf2f37b94f9229b060b8e..b8cdd844f0e64823f00e6582f12065fe94de12f9 100644 (file)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -6123,6 +6123,10 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
            !info->attrs[NL80211_ATTR_BEACON_HEAD])
                return -EINVAL;
 
+       if (info->attrs[NL80211_ATTR_SMPS_MODE] &&
+           nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]) != NL80211_SMPS_OFF)
+               return -EOPNOTSUPP;
+
        params = kzalloc(sizeof(*params), GFP_KERNEL);
        if (!params)
                return -ENOMEM;
@@ -6272,10 +6276,6 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
                        goto out;
        }
 
-       if (info->attrs[NL80211_ATTR_SMPS_MODE] &&
-           nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]) != NL80211_SMPS_OFF)
-               return -EOPNOTSUPP;
-
        params->pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
        if (params->pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
                err = -EOPNOTSUPP;