attrib: Fix use after free of attrib

If attrib is freed in cmd->func(), then it will be used if either
request or response queue has some data to send.

This patch moves calling wake_up_sender() which increases the ref
count of attrib so that it wont get freed in cmd->func().

diff --git a/attrib/gattrib.c b/attrib/gattrib.c
index f95f2fb..37581a3 100644 (file)
--- a/attrib/gattrib.c
+++ b/attrib/gattrib.c
@@ -446,6 +446,10 @@ static gboolean received_data(GIOChannel *io, GIOCondition cond, gpointer data)
        status = 0;
 
 done:
+       if (!g_queue_is_empty(attrib->requests) ||
+                                       !g_queue_is_empty(attrib->responses))
+               wake_up_sender(attrib);
+
        if (cmd) {
                if (cmd->func)
                        cmd->func(status, buf, len, cmd->user_data);
@@ -453,10 +457,6 @@ done:
                command_destroy(cmd);
        }
 
-       if (!g_queue_is_empty(attrib->requests) ||
-                                       !g_queue_is_empty(attrib->responses))
-               wake_up_sender(attrib);
-
        return TRUE;
 }