From 88461d53ec146e4531ce40293c38355549532723 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Tue, 21 Jan 2020 12:34:40 +0100
Subject: [PATCH] upekts: Fix use-after-free in an error condition

The callback function would continue processing even after having failed
the SSM already. This causes further invalid operations on the SSM.

This error was found using a coverity scan.
---
 libfprint/drivers/upekts.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libfprint/drivers/upekts.c b/libfprint/drivers/upekts.c
index 47903ef..08e98c6 100644
--- a/libfprint/drivers/upekts.c
+++ b/libfprint/drivers/upekts.c
@@ -902,8 +902,10 @@ enroll_start_sm_cb_msg28 (FpDevice *dev,
   FpiSsm *ssm = user_data;
 
   if (error)
-    fpi_ssm_mark_failed (ssm, error);
-  if (type != READ_MSG_RESPONSE)
+    {
+      fpi_ssm_mark_failed (ssm, error);
+    }
+  else if (type != READ_MSG_RESPONSE)
     {
       fp_err ("expected response, got %d seq=%x", type, seq);
       fpi_ssm_mark_failed (ssm, fpi_device_error_new_msg (FP_DEVICE_ERROR_PROTO,