From 02e77e656bb9cf7f7d0861382eb66c685efeb502 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Tue, 19 Oct 2021 11:57:32 -0600
Subject: [PATCH] Fix potential use-after-free when calling iolog_flush_all().

We need to call iolog_flush_all() _before_ scheduling the commit point. If we fail to schedule to commit point, the closure will be freed. Coverity CID 220557
---
 logsrvd/logsrvd.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/logsrvd/logsrvd.c b/logsrvd/logsrvd.c
index c804825c5..1578b88bf 100644
--- a/logsrvd/logsrvd.c
+++ b/logsrvd/logsrvd.c
@@ -1160,15 +1160,15 @@ server_commit_cb(int unused, int what, void *v)
 TimeSpec commit_point = TIME_SPEC__INIT;
 debug_decl(server_commit_cb, SUDO_DEBUG_UTIL);

+ /* Flush I/O logs before sending commit point if needed. */
+ if (!iolog_get_flush())
+ iolog_flush_all(closure);
+
 commit_point.tv_sec = closure->elapsed_time.tv_sec;
 commit_point.tv_nsec = closure->elapsed_time.tv_nsec;
 if (!schedule_commit_point(&commit_point, closure))
 connection_close(closure);

- /* Flush I/O logs before sending commit point if needed. */
- if (!iolog_get_flush())
- iolog_flush_all(closure);
-
 debug_return;
 }
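Review bot: The moved `iolog_flush_all(closure);` is called as a bare statement, so if it can report failure (its prototype is outside the hunk) the commit point is still scheduled, and the client would be told that data up to `elapsed_time` is committed when the flush did not complete. For an audit log that is worth handling explicitly, for example by skipping `schedule_commit_point()` and closing the connection when the flush fails. The ordering that removes the use-after-free is also only implicit in the code; a comment after the `connection_close(closure);` line such as `/* closure may have been freed; do not use it below. */` would keep a later edit from reintroducing the access. The function begins above the hunk, so the declaration of `closure` is not visible here.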