(backport) core: Fix use after free case in load_from_path()

ensure that mfree() on filename is called after the logging function
which uses the string pointed by filename

Change-Id: I126ff9068ff62ab658cafb80f0c8c12398e321ba
Signed-off-by: Khem Raj <raj.khem@gmail.com>

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 8d01a0b..58a76fc 100644 (file)
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -4387,7 +4387,6 @@ static int load_from_path(Unit *u, const char *path) {
                                 r = open_follow(&filename, &f, symlink_names, &id);
                         if (r >= 0)
                                 break;
-                        filename = mfree(filename);
 
                         /* ENOENT means that the file is missing or is a dangling symlink.
                          * ENOTDIR means that one of paths we expect to be is a directory
@@ -4399,6 +4398,7 @@ static int load_from_path(Unit *u, const char *path) {
                         else if (!IN_SET(r, -ENOENT, -ENOTDIR))
                                 return r;
 
+                        filename = mfree(filename);
                         /* Empty the symlink names for the next run */
                         set_clear_free(symlink_names);
                 }