From 56683ae9a81e61f2ac6e77d2d28de7b568522ac6 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sun, 16 Dec 2018 20:58:35 -0800
Subject: [PATCH] (backport) core: Fix use after free case in load_from_path()

ensure that mfree() on filename is called after the logging function
which uses the string pointed by filename

Change-Id: I126ff9068ff62ab658cafb80f0c8c12398e321ba
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 src/core/load-fragment.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 8d01a0b..58a76fc 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -4387,7 +4387,6 @@ static int load_from_path(Unit *u, const char *path) {
                                 r = open_follow(&filename, &f, symlink_names, &id);
                         if (r >= 0)
                                 break;
-                        filename = mfree(filename);
 
                         /* ENOENT means that the file is missing or is a dangling symlink.
                          * ENOTDIR means that one of paths we expect to be is a directory
@@ -4399,6 +4398,7 @@ static int load_from_path(Unit *u, const char *path) {
                         else if (!IN_SET(r, -ENOENT, -ENOTDIR))
                                 return r;
 
+                        filename = mfree(filename);
                         /* Empty the symlink names for the next run */
                         set_clear_free(symlink_names);
                 }
-- 
2.7.4