lib: Fix use after free in fuse_flush()

author: Miklos Szeredi <miklos@szeredi.hu> 2006-12-15 16:14:58 +0000
committer: Miklos Szeredi <miklos@szeredi.hu> 2006-12-15 16:14:58 +0000
commit: fff54954c5ea8cfd1696cafba5d60e4c8630d854 (patch)
tree: eee7c80d6a3aeec64f91e9b321b0d4bcadbf0366
parent: 8ac32f4245d71bc0cfb7c6b8edc9ad7f3a953ca6 (diff)
download: fuse-fff54954c5ea8cfd1696cafba5d60e4c8630d854.tar.gz
2 files changed, 6 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index a28a5b0..57f5e37 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2006-12-15  Miklos Szeredi <miklos@szeredi.hu>
+
+	* lib: Fix use after free in fuse_flush().  Reported by Ron
+	Lindman
+
 2006-12-04  Miklos Szeredi <miklos@szeredi.hu>
 
 	* Fix warnings with gcc-4.1 on 64bit archs.  Report from
diff --git a/lib/fuse.c b/lib/fuse.c
index 4446245..f63c866 100644
--- a/lib/fuse.c
+++ b/lib/fuse.c
@@ -2295,7 +2295,6 @@ static void fuse_flush(fuse_req_t req, fuse_ino_t ino,
         err = -ENOSYS;
         if (f->op.flush)
             err = fuse_do_flush(f, req, path, fi);
-        free(path);
     }
     if (f->op.lock) {
         struct flock lock;
@@ -2314,6 +2313,7 @@ static void fuse_flush(fuse_req_t req, fuse_ino_t ino,
         if (err == -ENOSYS)
             err = 0;
     }
+    free(path);
     pthread_rwlock_unlock(&f->tree_lock);
     reply_err(req, err);
 }
author	Miklos Szeredi <miklos@szeredi.hu>	2006-12-15 16:14:58 +0000
committer	Miklos Szeredi <miklos@szeredi.hu>	2006-12-15 16:14:58 +0000
commit	fff54954c5ea8cfd1696cafba5d60e4c8630d854 (patch)
tree	eee7c80d6a3aeec64f91e9b321b0d4bcadbf0366
parent	8ac32f4245d71bc0cfb7c6b8edc9ad7f3a953ca6 (diff)
download	fuse-fff54954c5ea8cfd1696cafba5d60e4c8630d854.tar.gz