Nikolay Sivov : secur32/schannel: Avoid use-after-free in AcquireClientCredentials() (Coverity).
Alexandre Julliard
julliard at winehq.org
Mon Jun 6 16:10:29 CDT 2022
Module: wine
Branch: master
Commit: e44a9d2c2f26bac43321433ff6fc027373119852
URL: https://source.winehq.org/git/wine.git/?a=commit;h=e44a9d2c2f26bac43321433ff6fc027373119852
Author: Nikolay Sivov <nsivov at codeweavers.com>
Date: Sat Jun 4 18:05:53 2022 +0300
secur32/schannel: Avoid use-after-free in AcquireClientCredentials() (Coverity).
Signed-off-by: Nikolay Sivov <nsivov at codeweavers.com>
---
dlls/secur32/schannel.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dlls/secur32/schannel.c b/dlls/secur32/schannel.c
index bc0867ca94b..5b4fb196aca 100644
--- a/dlls/secur32/schannel.c
+++ b/dlls/secur32/schannel.c
@@ -589,8 +589,9 @@ static SECURITY_STATUS schan_AcquireClientCredentials(const void *schanCred,
}
params.key_size = key_size;
params.key_blob = key_blob;
- if (GNUTLS_CALL( allocate_certificate_credentials, ¶ms )) goto fail;
+ status = GNUTLS_CALL( allocate_certificate_credentials, ¶ms );
free(key_blob);
+ if (status) goto fail;
handle = schan_alloc_handle(creds, SCHAN_HANDLE_CRED);
if (handle == SCHAN_INVALID_HANDLE) goto fail;
@@ -609,7 +610,6 @@ static SECURITY_STATUS schan_AcquireClientCredentials(const void *schanCred,
fail:
free(creds);
- free(key_blob);
return SEC_E_INTERNAL_ERROR;
}
More information about the wine-cvs
mailing list