From f86ec180c049f3344d18a2675ce95cdf7a7e62b7 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Wed, 14 Sep 2011 17:09:19 +0200
Subject: [PATCH] ubusd: fix a use after free bug

---
 ubusd_proto.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ubusd_proto.c b/ubusd_proto.c
index 902eb0f..821c24a 100644
--- a/ubusd_proto.c
+++ b/ubusd_proto.c
@@ -207,6 +207,7 @@ static int ubusd_handle_lookup(struct ubus_client *cl, struct ubus_msg_buf *ub,
 
 static int ubusd_handle_invoke(struct ubus_client *cl, struct ubus_msg_buf *ub, struct blob_attr **attr)
 {
+	struct ubus_msg_buf *ub_new;
 	struct ubus_object *obj = NULL;
 	struct ubus_id *id;
 	const char *method;
@@ -232,9 +233,10 @@ static int ubusd_handle_invoke(struct ubus_client *cl, struct ubus_msg_buf *ub,
 		blob_put(&b, UBUS_ATTR_DATA, blob_data(attr[UBUS_ATTR_DATA]),
 			 blob_len(attr[UBUS_ATTR_DATA]));
 
+	ub_new = ubus_reply_from_blob(ub, true);
 	ubus_msg_free(ub);
+	ub = ub_new;
 
-	ub = ubus_reply_from_blob(ub, true);
 	if (!ub)
 		return UBUS_STATUS_NO_DATA;
 
-- 
2.11.0