From ed5a4f2092c5ce22546647ec0beaf84c39f2ef38 Mon Sep 17 00:00:00 2001
From: truckman <truckman@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Mon, 23 May 2016 04:50:01 +0000
Subject: [PATCH] MFC r299894

pdu_delete(request) frees request, so move the call after
login_new_response(request) to avoid a use-after-free error

Reported by:	Coverity
CID:		1331219, 1331220


git-svn-id: svn://svn.freebsd.org/base/stable/10@300450 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 usr.sbin/ctld/login.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr.sbin/ctld/login.c b/usr.sbin/ctld/login.c
index 7cfc5e0c3..753381f80 100644
--- a/usr.sbin/ctld/login.c
+++ b/usr.sbin/ctld/login.c
@@ -754,10 +754,10 @@ login_wait_transition(struct connection *conn)
 		login_send_error(request, 0x02, 0x00);
 		log_errx(1, "got no \"T\" flag after answering AuthMethod");
 	}
-	pdu_delete(request);
 
 	log_debugx("got state transition request");
 	response = login_new_response(request);
+	pdu_delete(request);
 	login_set_nsg(response, BHSLR_STAGE_OPERATIONAL_NEGOTIATION);
 	pdu_send(response);
 	pdu_delete(response);
-- 
2.45.0