connection: fix access-after-free

author Kay Sievers <kay@vrfy.org>

Wed, 25 Dec 2013 04:16:36 +0000 (05:16 +0100)

committer Kay Sievers <kay@vrfy.org>

Wed, 25 Dec 2013 04:16:36 +0000 (05:16 +0100)
author Kay Sievers <kay@vrfy.org>
Wed, 25 Dec 2013 04:16:36 +0000 (05:16 +0100)
committer Kay Sievers <kay@vrfy.org>
Wed, 25 Dec 2013 04:16:36 +0000 (05:16 +0100)
diff --git a/connection.c b/connection.c

index 8e6866b92711e5bd8a02f3b14276d8a61f569032..2d13658819c666ffa2d7d79add017030f78f6a5c 100644 (file)
--- a/connection.c
+++ b/connection.c
@@ -1060,10 +1060,11 @@ int kdbus_conn_drop_msg(struct kdbus_conn *conn)
                                  struct kdbus_conn_queue, entry);
         list_del(&queue->entry);
         conn->msg_count--;
+
+       kdbus_pool_free_range(conn->pool, queue->off);
         mutex_unlock(&conn->lock);
  
         kdbus_conn_queue_cleanup(queue);
-       kdbus_pool_free_range(conn->pool, queue->off);
         return 0;
  
  exit_unlock:
author	Kay Sievers <kay@vrfy.org>
	Wed, 25 Dec 2013 04:16:36 +0000 (05:16 +0100)
committer	Kay Sievers <kay@vrfy.org>
	Wed, 25 Dec 2013 04:16:36 +0000 (05:16 +0100)