libbb: fix use-after-free in copy_file

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

diff --git a/libbb/copy_file.c b/libbb/copy_file.c
index 98bd4fe72cadfa55460a3af4f1ed095872b05e6c..2d6557cd44e2a857e64e497263e900a07de7e654 100644 (file)
--- a/libbb/copy_file.c
+++ b/libbb/copy_file.c
@@ -388,14 +388,15 @@ int FAST_FUNC copy_file(const char *source, const char *dest, int flags)
                char *lpath = xmalloc_readlink_or_warn(source);
                if (lpath) {
                        int r = symlink(lpath, dest);
-                       free(lpath);
                        if (r < 0) {
                                /* shared message */
                                bb_perror_msg("can't create %slink '%s' to '%s'",
                                        "sym", dest, lpath
                                );
+                               free(lpath);
                                return -1;
                        }
+                       free(lpath);
                        if (flags & FILEUTILS_PRESERVE_STATUS)
                                if (lchown(dest, source_stat.st_uid, source_stat.st_gid) < 0)
                                        bb_perror_msg("can't preserve %s of '%s'", "ownership", dest);