From b5877dceae52efc9aac741e5fb6ba97a8ffb9225 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Fri, 21 Jan 2011 11:10:59 +0100
Subject: api: fix use-after-free bug in nfct_destroy()

This patch fixes an embarasing a use-after-free in nfct_destroy() that was introduced by myself in:
http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_conntrack.git;a=commit;h=fdda1474cc8654430f245b7f01c30e8ff171fa60

Reported-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
 src/conntrack/api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/conntrack')
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 8e5b2fe..6b73817 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -89,9 +89,9 @@ struct nf_conntrack *nfct_new(void)
 void nfct_destroy(struct nf_conntrack *ct)
 {
 assert(ct != NULL);
- free(ct);
 if (ct->secctx)
 free(ct->secctx);
+ free(ct);
 ct = NULL; /* bugtrap */
 }

-- cgit v1.2.3
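Review bot: The `ct = NULL; /* bugtrap */` line at the end of nfct_destroy() only clears the function's by-value copy of the pointer, so it traps nothing: the caller's pointer still refers to freed memory, and a compiler may drop the store as dead. With the free order now corrected, the remaining use-after-free and double-free exposure is in callers that keep using or re-destroy their pointer. I would either remove the line or replace its comment with `/* only clears the local copy; callers must not reuse or re-destroy ct */`, and state the same in the function's API documentation. Separately, `assert(ct != NULL)` is compiled out under NDEBUG, so in such builds a NULL argument reaches `ct->secctx`; an explicit `if (ct == NULL) return;` would make the destructor safe there, in line with free(NULL).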