git: 3bbd1a1a0056 - main - camcontrol powermode: fix use-after-free

From: Eric van Gyzen <vangyzen_at_FreeBSD.org>
Date: Wed, 29 Mar 2023 18:26:42 UTC 
The branch main has been updated by vangyzen:

URL: https://cgit.FreeBSD.org/src/commit/?id=3bbd1a1a005698fcf1aaeae0065a8f2f97fdf4be

commit 3bbd1a1a005698fcf1aaeae0065a8f2f97fdf4be
Author:     Eric van Gyzen <vangyzen@FreeBSD.org>
AuthorDate: 2023-03-29 19:14:40 +0000
Commit:     Eric van Gyzen <vangyzen@FreeBSD.org>
CommitDate: 2023-03-29 19:17:16 +0000

    camcontrol powermode: fix use-after-free
    
    Free the ccb after processing the response therein.
    
    Reported by:    Coverity
    Fixes:          3bed0179ee571ba3ceadb2773f86d57af8bc5499
    MFC after:      1 week
    Sponsored by:   Dell EMC Isilon
---
 sbin/camcontrol/camcontrol.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/sbin/camcontrol/camcontrol.c b/sbin/camcontrol/camcontrol.c
index 489c3026537a..9e50fbf2646e 100644
--- a/sbin/camcontrol/camcontrol.c
+++ b/sbin/camcontrol/camcontrol.c
@@ -9312,12 +9312,11 @@ atapm(struct cam_device *device, int argc, char **argv,
 	    /*timeout*/timeout ? timeout : 30 * 1000,
 	    /*force48bit*/0);
 
-	cam_freeccb(ccb);
-
-	if (retval || cmd != ATA_CHECK_POWER_MODE)
-		return (retval);
+	if (retval == 0 && cmd == ATA_CHECK_POWER_MODE)
+		retval = atapm_proc_resp(device, ccb);
 
-	return (atapm_proc_resp(device, ccb));
+	cam_freeccb(ccb);
+	return (retval);
 }
 
 static int