mwifiex: avoid freeing improper pointer in mwifiex_set_wowlan_mef_entry

mwifiex_set_wowlan_mef_entry attempts to free a passed-in pointer in
case of an error.  The only caller (mwifiex_set_mef_filter) passes that
pointer as an offset into allocated memory, so any attempt to free that
will not be the actual allocated pointer.

Address this by changing mwifiex_set_wowlan_mef_entry to not do any
free, and to cause mwifiex_set_mef_filter to do the appropriate free if
the call to mwifiex_set_wowlan_mef_entry fails.

Coverity CID #1295879

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Acked-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

drivers/net/wireless/mwifiex/cfg80211.c

@@ -2985,7 +2985,6 @@ static int mwifiex_set_wowlan_mef_entry(struct mwifiex_private *priv,
 					MWIFIEX_MEF_MAX_BYTESEQ)) {
 			mwifiex_dbg(priv->adapter, ERROR,
 				    "Pattern not supported\n");
-			kfree(mef_entry);
 			return -EOPNOTSUPP;
 		}
 
@@ -3067,9 +3066,12 @@ static int mwifiex_set_mef_filter(struct mwifiex_private *priv,
 
 	mwifiex_set_auto_arp_mef_entry(priv, &mef_entry[0]);
 
-	if (wowlan->n_patterns || wowlan->magic_pkt)
+	if (wowlan->n_patterns || wowlan->magic_pkt) {
 		ret = mwifiex_set_wowlan_mef_entry(priv, &mef_cfg,
 						   &mef_entry[1], wowlan);
+		if (ret)
+			goto err;
+	}
 
 	if (!mef_cfg.criteria)
 		mef_cfg.criteria = MWIFIEX_CRITERIA_BROADCAST |
@@ -3079,6 +3081,8 @@ static int mwifiex_set_mef_filter(struct mwifiex_private *priv,
 	ret = mwifiex_send_cmd(priv, HostCmd_CMD_MEF_CFG,
 			HostCmd_ACT_GEN_SET, 0,
 			&mef_cfg, true);
+
+err:
 	kfree(mef_entry);
 	return ret;
 }