From 212b46b1d95a79d0dce0560c71ffc084df18be55 Mon Sep 17 00:00:00 2001
From: Rusty Russell <rusty@rustcorp.com.au>
Date: Tue, 20 Jun 2017 10:10:17 +0930
Subject: [PATCH] lightningd/cryptomsg: fix use-after-free introduced by
 dev_disconnect.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---
 lightningd/cryptomsg.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lightningd/cryptomsg.c b/lightningd/cryptomsg.c
index 0bbb46c85..532246c9a 100644
--- a/lightningd/cryptomsg.c
+++ b/lightningd/cryptomsg.c
@@ -332,6 +332,7 @@ struct io_plan *peer_write_message(struct io_conn *conn,
 							   struct peer *))
 {
 	struct io_plan *(*post)(struct io_conn *, struct peer_crypto_state *);
+	int type = fromwire_peektype(msg);
 	assert(!pcs->out);
 
 	pcs->out = cryptomsg_encrypt_msg(conn, &pcs->cs, msg);
@@ -341,7 +342,7 @@ struct io_plan *peer_write_message(struct io_conn *conn,
 
 	post = peer_write_done;
 
-	switch (dev_disconnect(fromwire_peektype(msg))) {
+	switch (dev_disconnect(type)) {
 	case DEV_DISCONNECT_BEFORE:
 		return io_close(conn);
 	case DEV_DISCONNECT_DROPPKT: