discover/device-handler: Fix use-after-free when unmounting
authorJeremy Kerr <jk@ozlabs.org>
Wed, 9 Oct 2013 08:37:25 +0000 (16:37 +0800)
committerJeremy Kerr <jk@ozlabs.org>
Wed, 9 Oct 2013 09:22:46 +0000 (17:22 +0800)
We need to do the rmdir after clearing mount_path.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
discover/device-handler.c

index 04a44848d4c452db00e7c9e80cda0b5c6274ac9e..94abb514ab02f4ecd7c6f53aca81a94f7b8afb2f 100644 (file)
@@ -803,11 +803,12 @@ static int umount_device(struct discover_device *dev)
                return -1;
 
        dev->mounted = false;
                return -1;
 
        dev->mounted = false;
-       talloc_free(dev->mount_path);
-       dev->mount_path = NULL;
 
        pb_rmdir_recursive(mount_base(), dev->mount_path);
 
 
        pb_rmdir_recursive(mount_base(), dev->mount_path);
 
+       talloc_free(dev->mount_path);
+       dev->mount_path = NULL;
+
        return 0;
 }
 
        return 0;
 }