From 59dc76a1d641b1a6b22fd7cd409bee6e0a015616 Mon Sep 17 00:00:00 2001
From: Fred Klassen <fklassen@appneta.com>
Date: Sat, 20 Oct 2018 09:41:52 -0700
Subject: [PATCH] Bug #489 free after memcpy

---
 docs/CHANGELOG  | 1 +
 src/tcpbridge.c | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index 197afd193..fa5c44f32 100644
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -1,5 +1,6 @@
 10/18/2018 Version 4.3.0 beta2
     - fix issues identifed by Codacy (#493)
+    - CVE-2018-18408 use-after-free in post_args (#489)
     - CVE-2018-18407 heap-buffer-overflow csum_replace4 (#488)
     - CVE-2018-17974 heap-buffer-overflow dlt_en10mb_encode (#486)
     - CVE-2018-17582 heap-buffer-overflow in get_next_packet (#484)
diff --git a/src/tcpbridge.c b/src/tcpbridge.c
index 41ada589e..16baa5c1d 100644
--- a/src/tcpbridge.c
+++ b/src/tcpbridge.c
@@ -215,8 +215,9 @@ post_args(_U_ int argc, _U_ char *argv[])
             warnx("Unable to get MAC address: %s", sendpacket_geterr(sp));
             err(-1, "Please consult the man page for using the -M option.");
         }
-        sendpacket_close(sp);
+
         memcpy(options.intf1_mac, eth_buff, ETHER_ADDR_LEN);
+        sendpacket_close(sp);
     }
 
     if (memcmp(options.intf2_mac, "\00\00\00\00\00\00", ETHER_ADDR_LEN) == 0) {
@@ -227,8 +228,9 @@ post_args(_U_ int argc, _U_ char *argv[])
             warnx("Unable to get MAC address: %s", sendpacket_geterr(sp));
             err(-1, "Please consult the man page for using the -M option.");
         }
-        sendpacket_close(sp);
+
         memcpy(options.intf2_mac, eth_buff, ETHER_ADDR_LEN);
+        sendpacket_close(sp);
     }
 
     /*