[xen staging] tools/xenstored: Avoid dereferencing a NULL pointer if LiveUpdate is failing

[patchbot@xxxxxxx]

commit 29fae90baa14f518407fe7c437d38af768a3134c
Author:     Julien Grall <jgrall@xxxxxxxxxx>
AuthorDate: Fri Feb 26 18:26:55 2021 +0000
Commit:     Julien Grall <jgrall@xxxxxxxxxx>
CommitDate: Tue Mar 2 09:42:21 2021 +0000

    tools/xenstored: Avoid dereferencing a NULL pointer if LiveUpdate is failing
    
    In case of failure in do_lu_start(), XenStored will first free lu_start
    and then try to dereference it.
    
    This will result to a NULL dereference as the destruction callback will
    set lu_start to NULL.
    
    The crash can be avoided by freeing lu_start *after* the reply has been
    set.
    
    Fixes: af216a99fb4a ("tools/xenstore: add the basic framework for doing the 
live update")
    Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>
    Reviewed-by: Juergen Gross <jgross@xxxxxxxx>
    Release-Acked-by: Ian Jackson <iwj@xxxxxxxxxxxxxx>
---
 tools/xenstore/xenstored_control.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tools/xenstore/xenstored_control.c 
b/tools/xenstore/xenstored_control.c
index 653890f2d9..766b243839 100644
--- a/tools/xenstore/xenstored_control.c
+++ b/tools/xenstore/xenstored_control.c
@@ -657,9 +657,8 @@ static bool do_lu_start(struct delayed_request *req)
 
        /* We will reach this point only in case of failure. */
  out:
-       talloc_free(lu_status);
-
        send_reply(lu_status->conn, XS_CONTROL, ret, strlen(ret) + 1);
+       talloc_free(lu_status);
 
        return true;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#staging