From ec77f107fa27b9cefbb3fe3400f7905e5d101e76 Mon Sep 17 00:00:00 2001
From: Don Lewis <truckman@FreeBSD.org>
Date: Mon, 16 May 2016 04:43:47 +0000
Subject: [PATCH] pdu_delete(request) frees request, so move the call after
 login_new_response(request) to avoid a use-after-free error

Reported by:	Coverity
Reviewed by:	1331219, 1331220
---
 usr.sbin/ctld/login.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr.sbin/ctld/login.c b/usr.sbin/ctld/login.c
index 3710dbc4fd6..f767d882674 100644
--- a/usr.sbin/ctld/login.c
+++ b/usr.sbin/ctld/login.c
@@ -767,10 +767,10 @@ login_wait_transition(struct connection *conn)
 		login_send_error(request, 0x02, 0x00);
 		log_errx(1, "got no \"T\" flag after answering AuthMethod");
 	}
-	pdu_delete(request);
 
 	log_debugx("got state transition request");
 	response = login_new_response(request);
+	pdu_delete(request);
 	login_set_nsg(response, BHSLR_STAGE_OPERATIONAL_NEGOTIATION);
 	pdu_send(response);
 	pdu_delete(response);