From 9a93f8727414c33f9efa5448b468533a347cf519 Mon Sep 17 00:00:00 2001
From: Eric Chen
Date: Wed, 28 Nov 2018 18:17:24 +0800
Subject: client: Fix Use-after-Free in handling of SavePairRecord message when reading device id
---
 src/client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/client.c b/src/client.c
index c566d8c..3472e6e 100644
--- a/src/client.c
+++ b/src/client.c
@@ -750,7 +750,6 @@ static int client_command(struct mux_client *client, struct usbmuxd_header *hdr)
 if (rdata && plist_get_node_type(rdata) == PLIST_DATA) {
 plist_get_data_val(rdata, &record_data, &record_size);
 }
- plist_free(dict);

 if (record_id && record_data) {
 res = config_set_device_record(record_id, record_data, record_size);
@@ -790,6 +789,7 @@ static int client_command(struct mux_client *client, struct usbmuxd_header *hdr)
 rval = EINVAL;
 }
 free(record_data);
+ plist_free(dict);
 if (send_result(client, hdr->tag, rval) < 0)
 return -1;
 return 0;
-- 
cgit v1.1-32-gdbae
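Review bot: The relocated `plist_free(dict)` in the second hunk releases `dict` only on paths that fall through to it, and new-side lines 756–788 between the two hunks are not shown. If any of them returns early, `dict` would now leak where the old code had already freed it, so that stretch is worth checking before merge. Nothing at the new call site records why it has to come last, so a later cleanup could hoist it back above the lookups and reintroduce the use-after-free; a comment such as `/* dict must stay alive until the last lookup into it above; free it last */` would pin the ordering. The body of client_command starts and ends outside both hunks, so the handling of `record_id` and any other pointers borrowed from `dict` cannot be confirmed from here.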