Prevent heap corruption in CryptAcquireContext

Alexandre Julliard julliard at winehq.org
Thu Jul 15 13:15:35 CDT 2004


Michael Jung <mjung at iss.tu-darmstadt.de> writes:

> this is a resubmit of a simple patch I sent yesterday, but which was not 
> applied to cvs. I would like to give some detail on it: There is a section of 
> code labeled "error:" at the end of CryptAcquireContext, which releases 
> occupied resources in the case of an error. Amongst others, the allocated 
> memory pointed to by "keyname" is released. However, in some cases keyname is 
> released twice, once in the normal code and once in the error cleanup code. 
> CRYPT_Free uses LocalFree, which returns "NULL" if the memory was 
> successfully released. And it does basically nothing if it is called with a 
> "NULL" pointer. This means that by executing "keyname = 
> (PSTR)CRYPT_Free(keyname)" the second call to CRYPT_Free does basically 
> nothing, which is better than corrupting the heap ;)

The patch is OK, but it would be better to really avoid calling
CRYPT_Free twice, and also to fix all the other places in that
function that have the same problem.

-- 
Alexandre Julliard
julliard at winehq.org
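The cleanup pattern under discussion, as an added example that is not part of the thread or of Wine's source. The real function releases memory through CRYPT_Free, a LocalFree wrapper; here a small constructed tracker (track_alloc/track_free, names assumed) records every release so that a second free of the same pointer is counted rather than executed against the heap. Three stand-in functions (acquire_buggy, acquire_nulling, acquire_restructured, also assumed names) show the original shape of the bug, the submitted fix of writing the returned NULL back into the variable, and the restructuring Julliard asks for, where each resource is freed on exactly one path.

```c
/* Added example, not Wine's code. Portable stand-in for the
 * CryptAcquireContext "error:" cleanup discussed above; the tracker
 * below plays the role of the heap so a double free is observable. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

#define MAX_LIVE 16

static void *live[MAX_LIVE];   /* pointers currently allocated */
static int double_frees;       /* frees of a pointer that is not live */

static void *track_alloc(size_t n)
{
    void *p = malloc(n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                   /* tracker full or malloc failed */
    return NULL;
}

/* Mirrors the CRYPT_Free behaviour described in the mail: a NULL
 * argument is a no-op, and NULL is returned so a caller can write
 * `p = track_free(p)`. A pointer that is not live is a double free. */
static void *track_free(void *p)
{
    if (!p) return NULL;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return NULL; }
    double_frees++;            /* real heap: corruption */
    return NULL;
}

static void reset_tracker(void)
{
    memset(live, 0, sizeof live);
    double_frees = 0;
}

/* Shape of the original bug: the normal path releases keyname but
 * keeps the stale pointer; a later failure jumps to error: and
 * releases it again. fail_late models a failure after that point. */
static int acquire_buggy(int fail_late)
{
    char *keyname = track_alloc(32);
    if (!keyname) return 0;
    /* ... keyname used, then no longer needed ... */
    track_free(keyname);
    if (fail_late) goto error;
    return 1;
error:
    track_free(keyname);       /* second free of the same pointer */
    return 0;
}

/* The submitted patch: store the returned NULL, so the cleanup
 * label's free becomes a no-op. */
static int acquire_nulling(int fail_late)
{
    char *keyname = track_alloc(32);
    if (!keyname) return 0;
    keyname = track_free(keyname);
    if (fail_late) goto error;
    return 1;
error:
    keyname = track_free(keyname);
    return 0;
}

/* What the reply asks for: one release per resource, in the cleanup
 * label only, reached by every path. */
static int acquire_restructured(int fail_late)
{
    int ret = 0;
    char *keyname = track_alloc(32);
    if (!keyname) return 0;
    /* ... keyname used ... */
    if (fail_late) goto done;
    ret = 1;
done:
    track_free(keyname);       /* single release on every path */
    return ret;
}

/* Double frees observed when the variant fails late. */
static int double_frees_for(int (*fn)(int))
{
    reset_tracker();
    fn(1);
    return double_frees;
}

/* Allocations still live after a success run and a failure run. */
static int leaks_for(int (*fn)(int))
{
    int n = 0;
    reset_tracker();
    fn(0);
    fn(1);
    for (int i = 0; i < MAX_LIVE; i++) if (live[i]) n++;
    return n;
}

int main(void)
{
    printf("buggy: %d double free(s), %d leak(s)\n",
           double_frees_for(acquire_buggy), leaks_for(acquire_buggy));
    printf("nulling: %d double free(s), %d leak(s)\n",
           double_frees_for(acquire_nulling), leaks_for(acquire_nulling));
    printf("restructured: %d double free(s), %d leak(s)\n",
           double_frees_for(acquire_restructured), leaks_for(acquire_restructured));
    return 0;
}
```

Both fixes stop the double free without leaking; the difference is that the nulling version still carries a release on two paths and relies on every such site remembering the assignment, which is the maintenance problem the reply points at for the rest of the function.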
