attach: prevent UAF

Fixes: Coverity 1472761 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: prevent UAF
cd5f35ec · Christian Brauner · 32947602 · cd5f35ec
Unverified Commit cd5f35ec authored Feb 01, 2021 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

attach.c src/lxc/attach.c +3 -2

No files found.
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -1190,8 +1190,6 @@ __noreturn static void do_attach(struct attach_payload *ap)
 		TRACE("Prepared terminal file descriptor %d", ap->terminal_pts_fd);
 	}

-	put_attach_payload(ap);
-
 	/* Avoid unnecessary syscalls. */
 	if (ctx->setup_ns_uid == ctx->target_ns_uid)
 		ctx->target_ns_uid = LXC_INVALID_UID;
@@ -1210,11 +1208,14 @@ __noreturn static void do_attach(struct attach_payload *ap)
 	if (!lxc_switch_uid_gid(ctx->target_ns_uid, ctx->target_ns_gid))
 		goto on_error;

+	put_attach_payload(ap);
+
 	/* We're done, so we can now do whatever the user intended us to do. */
 	_exit(attach_function(attach_function_args));

 on_error:
 	ERROR("Failed to attach to container");
+	put_attach_payload(ap);
 	_exit(EXIT_FAILURE);
 }