From c4f34e487fbf061ee6385d1f75e4ef0084c9a1ba Mon Sep 17 00:00:00 2001
From: Jeremy Kerr <jk@ozlabs.org>
Date: Fri, 29 Nov 2013 13:44:54 +0800
Subject: [PATCH 1/1] discover/udev: copy dev->device path from udev devnode

We're seeing a use-after-free, as the udev path is freed before the
discover device.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
---
 discover/udev.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/discover/udev.c b/discover/udev.c
index 48ab745..5aa2898 100644
--- a/discover/udev.c
+++ b/discover/udev.c
@@ -105,7 +105,8 @@ static int udev_handle_dev_add(struct pb_udev *udev, struct udev_device *dev)
 
 	ddev = discover_device_create(udev->handler, name);
 
-	ddev->device_path = udev_device_get_devnode(dev);
+	ddev->device_path = talloc_strdup(ddev, udev_device_get_devnode(dev));
+
 	prop = udev_device_get_property_value(dev, "ID_FS_UUID");
 	if (prop)
 		ddev->uuid = talloc_strdup(ddev, prop);
-- 
2.39.2