From 87272919ad52e7664409546a11e6376c795a92a6 Mon Sep 17 00:00:00 2001
From: David Disseldorp <ddiss@suse.de>
Date: Tue, 18 Aug 2020 15:15:12 +0200
Subject: [PATCH] pdu: fix use after free during cancellation

Fixes: 10868c4 ("libiscsi: Avoid discontinuities in cmdsn ordering in some cases")
Signed-off-by: David Disseldorp <ddiss@suse.de>
---
 lib/pdu.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/lib/pdu.c b/lib/pdu.c
index 0f52504..524144a 100644
--- a/lib/pdu.c
+++ b/lib/pdu.c
@@ -788,13 +788,11 @@ iscsi_cancel_pdus(struct iscsi_context *iscsi)
 			pdu->callback(iscsi, SCSI_STATUS_CANCELLED,
 			              NULL, pdu->private_data);
 		}
-		iscsi->drv->free_pdu(iscsi, pdu);
 		if (!(pdu->outdata.data[0] & ISCSI_PDU_IMMEDIATE) &&
 		    (pdu->outdata.data[0] & 0x3f) != ISCSI_PDU_DATA_OUT) {
 			iscsi->cmdsn--;
 		}
-
-
+		iscsi->drv->free_pdu(iscsi, pdu);
 	}
 	while ((pdu = iscsi->waitpdu)) {
 		ISCSI_LIST_REMOVE(&iscsi->waitpdu, pdu);