From cc3d6fd2ba67f79965828e82e2947611354ab974 Mon Sep 17 00:00:00 2001
From: Kay Sievers <kay@vrfy.org>
Date: Wed, 25 Dec 2013 05:16:36 +0100
Subject: [PATCH] connection: fix access-after-free

---
 connection.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/connection.c b/connection.c
index 8e6866b..2d13658 100644
--- a/connection.c
+++ b/connection.c
@@ -1060,10 +1060,11 @@ int kdbus_conn_drop_msg(struct kdbus_conn *conn)
 				 struct kdbus_conn_queue, entry);
 	list_del(&queue->entry);
 	conn->msg_count--;
+
+	kdbus_pool_free_range(conn->pool, queue->off);
 	mutex_unlock(&conn->lock);
 
 	kdbus_conn_queue_cleanup(queue);
-	kdbus_pool_free_range(conn->pool, queue->off);
 	return 0;
 
 exit_unlock:
-- 
2.34.1