From 29174ba87d6f6b11613262ac69c7952f95b90355 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Wed, 4 Feb 2015 20:46:10 +0000
Subject: [PATCH] Fix a use-after-free in idle and ftp bounce scans

PortList::forgetPort in verbose mode tries to print details on a Port after it has been deleted. This function is only called in idle and ftp bounce scans.

Reported by Mak Kolybabi: http://seclists.org/nmap-dev/2015/q1/129
---
 portlist.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/portlist.cc b/portlist.cc
index 93e7e2378..76635cf5d 100644
--- a/portlist.cc
+++ b/portlist.cc
@@ -721,8 +721,6 @@ int PortList::forgetPort(u16 portno, u8 protocol) {
 state_counts_proto[protocol][answer->state]--;
 state_counts_proto[protocol][default_port_state[protocol].state]++;
- delete answer;
- port_list[protocol][portno] = NULL;
 if (o.verbose) {
@@ -732,6 +730,7 @@ int PortList::forgetPort(u16 portno, u8 protocol) {
 log_flush(LOG_STDOUT);
 }
+ delete answer;
 return 0;
 }
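Review bot: After this change the slot `port_list[protocol][portno]` is no longer set to NULL anywhere in the visible lines — the first hunk removes both `delete answer;` and `port_list[protocol][portno] = NULL;`, but the second hunk re-adds only the `delete`. If that slot is not cleared earlier in forgetPort (the start of the function lies before the first hunk), the freed Port remains reachable through the list and the original use-after-free is traded for a dangling pointer on any later lookup of the same port; if it is already cleared earlier, for instance through a mapped index, that is worth stating in the commit message so the dropped line does not look accidental. Either way the relocated `delete answer;` at the end of the second hunk deserves a short ordering comment such as `/* Delete only now: the verbose block above still reads answer. */`, since the next person to tidy the function could move it back up. The verbose log_write between the two hunks and the remainder of forgetPort's body are outside the shown lines.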