From c571efefebc305b2049eb55458cb0ac1dc3202bb Mon Sep 17 00:00:00 2001
From: Daniel-Constantin Mierla <miconda@gmail.com>
Date: Mon, 19 Nov 2018 09:47:58 +0100
Subject: [PATCH] smsops: free after error log message printing a field

---
 src/modules/smsops/smsops_impl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/modules/smsops/smsops_impl.c b/src/modules/smsops/smsops_impl.c
index 8150d081d66..8df667bb776 100644
--- a/src/modules/smsops/smsops_impl.c
+++ b/src/modules/smsops/smsops_impl.c
@@ -564,9 +564,9 @@ int decode_3gpp_sms(struct sip_msg *msg) {
 
 							// Check for malicious length, which might cause buffer overflow
 							if(udh_read + ie->data.len + 2 /* two octets are read so far */ > udh_len) {
-								pkg_free(ie);
 								LM_ERR("IE Lenght for IE id %d is bigger than the remaining User-Data element!\n",
 																									ie->identifier);
+								pkg_free(ie);
 								return -1;
 							}