From: Khem Raj <raj.khem@gmail.com>
Date: Mon, 17 Dec 2018 04:58:35 +0000 (-0800)
Subject: core: Fix use after free case in load_from_path()
X-Git-Tag: v240~46^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F11179%2Fhead;p=thirdparty%2Fsystemd.git

core: Fix use after free case in load_from_path()

ensure that mfree() on filename is called after the logging function
which uses the string pointed by filename

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index fc5644f4896..4ebe92fd45c 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -4531,7 +4531,6 @@ static int load_from_path(Unit *u, const char *path) {
                                 r = open_follow(&filename, &f, symlink_names, &id);
                         if (r >= 0)
                                 break;
-                        filename = mfree(filename);
 
                         /* ENOENT means that the file is missing or is a dangling symlink.
                          * ENOTDIR means that one of paths we expect to be is a directory
@@ -4543,6 +4542,7 @@ static int load_from_path(Unit *u, const char *path) {
                         else if (!IN_SET(r, -ENOENT, -ENOTDIR))
                                 return r;
 
+                        filename = mfree(filename);
                         /* Empty the symlink names for the next run */
                         set_clear_free(symlink_names);
                 }