nfs_parse_url_incomplete: fix use after free in param parsing

if no server is specified flagsp points into urls->server.

Signed-off-by: Peter Lieven <pl@kamp.de>

diff --git a/lib/libnfs.c b/lib/libnfs.c
index b90205d7778907141051e673e5312ef63ead3c1f..38da45c75732db7c960d43d6e8513d7b6dc7509f 100644 (file)
--- a/lib/libnfs.c
+++ b/lib/libnfs.c
@@ -277,11 +277,6 @@ flags:
                }
        }
 
-       if (urls->server && strlen(urls->server) <= 1) {
-               free(urls->server);
-               urls->server = NULL;
-       }
-
        while (flagsp != NULL && *(flagsp+1) != 0) {
                strp = flagsp + 1;
                flagsp = strchr(strp, '&');
@@ -297,6 +292,11 @@ flags:
                }
        }
 
+       if (urls->server && strlen(urls->server) <= 1) {
+               free(urls->server);
+               urls->server = NULL;
+       }
+
        return urls;
 }