attach: prevent UAF

Fixes: Coverity 1472761
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index e9f35d711e4c4aa55b553220de9cdb77e4384649..3158d788637e90c1486be2d607bb1f2f6fb615ba 100644 (file)
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -1190,8 +1190,6 @@ __noreturn static void do_attach(struct attach_payload *ap)
                TRACE("Prepared terminal file descriptor %d", ap->terminal_pts_fd);
        }
 
-       put_attach_payload(ap);
-
        /* Avoid unnecessary syscalls. */
        if (ctx->setup_ns_uid == ctx->target_ns_uid)
                ctx->target_ns_uid = LXC_INVALID_UID;
@@ -1210,11 +1208,14 @@ __noreturn static void do_attach(struct attach_payload *ap)
        if (!lxc_switch_uid_gid(ctx->target_ns_uid, ctx->target_ns_gid))
                goto on_error;
 
+       put_attach_payload(ap);
+
        /* We're done, so we can now do whatever the user intended us to do. */
        _exit(attach_function(attach_function_args));
 
 on_error:
        ERROR("Failed to attach to container");
+       put_attach_payload(ap);
        _exit(EXIT_FAILURE);
 }