Prevent heap corruption in CryptAcquireContext
Alexandre Julliard
julliard at winehq.org
Thu Jul 15 13:15:35 CDT 2004
Michael Jung <mjung at iss.tu-darmstadt.de> writes:
> This is a resubmit of a simple patch I've sent yesterday, but which was not
> applied to cvs. I would like to give some detail on it: There is a section of
> code labeled "error:" at the end of CryptAcquireContext, which releases
> occupied resources in the case of an error. Amongst others, the allocated
> memory pointed to by "keyname" is released. However, in some cases keyname is
> released twice, once in the normal code and once in the error cleanup code.
> CRYPT_Free uses LocalFree, which returns "NULL" if the memory was
> successfully released. And it does basically nothing if it is called with a
> "NULL" pointer. This means that by executing "keyname =
> (PSTR)CRYPT_Free(keyname)" the second call to CRYPT_Free does basically
> nothing, which is better than corrupting the heap ;)
The patch is OK, but it would be better to really avoid calling
CRYPT_Free twice, and also to fix all the other places in that
function that have the same problem.
--
Alexandre Julliard
julliard at winehq.org
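The double free described in the quoted message and the two ways of avoiding it, as an added C example that is not part of this thread or of Wine's source: crypt_free_model and the acquire_model_* functions are constructed stand-ins for CRYPT_Free and the shape of CryptAcquireContext's "error:" cleanup, with a counter so a test can detect a second real free without relying on the allocator crashing.

```c
#include <stdlib.h>

static int real_frees;   /* counts releases of non-NULL pointers (for checking only) */

/* Constructed stand-in for CRYPT_Free (which wraps LocalFree): freeing NULL
 * is a no-op, and the function returns NULL on success. */
static void *crypt_free_model(void *p)
{
    if (p) {
        free(p);
        real_frees++;
    }
    return NULL;
}

/* The submitted patch's idiom: keyname is released on the normal path, then a
 * later failure jumps to the shared cleanup, which releases it again. Assigning
 * the return value back nulls the pointer, so the second call is a no-op. */
static int acquire_model_nulling(int fail_after_free)
{
    char *keyname = malloc(32);
    int ret = 0;
    if (!keyname) goto error;
    /* ... keyname is used to open the key container here ... */
    keyname = crypt_free_model(keyname);   /* normal-path release, pointer now NULL */
    if (fail_after_free) goto error;       /* constructed failure after the release */
    ret = 1;
error:
    keyname = crypt_free_model(keyname);   /* harmless: already NULL on every path */
    return ret;
}

/* The tidier fix the reply asks for: release keyname in exactly one place, the
 * shared cleanup, so no path can free it twice regardless of where it fails. */
static int acquire_model_single_free(int fail_after_free)
{
    char *keyname = malloc(32);
    int ret = 0;
    if (!keyname) goto error;
    /* ... keyname is used here; not released on the normal path ... */
    if (fail_after_free) goto error;
    ret = 1;
error:
    crypt_free_model(keyname);             /* the only release of keyname */
    return ret;
}

/* Runs one model and reports how many real frees it performed; 1 is correct. */
static int frees_during(int (*fn)(int), int fail_after_free)
{
    real_frees = 0;
    fn(fail_after_free);
    return real_frees;
}
```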