Prevent heap corruption in CryptAcquireContext
Michael Jung
mjung at iss.tu-darmstadt.de
Thu Jul 15 03:59:31 CDT 2004
Hi,
this is a resubmit of a simple patch I sent yesterday, but which was not
applied to CVS. I would like to give some detail on it: There is a section of
code labeled "error:" at the end of CryptAcquireContext, which releases
occupied resources in the case of an error. Amongst others, the allocated
memory pointed to by "keyname" is released. However, in some cases keyname is
released twice, once in the normal code and once in the error cleanup code.
CRYPT_Free uses LocalFree, which returns "NULL" if the memory was
successfully released. And it does basically nothing if it is called with a
"NULL" pointer. This means that by executing "keyname =
(PSTR)CRYPT_Free(keyname)" the second call to CRYPT_Free does basically
nothing, which is better than corrupting the heap ;)
Greetings,
Michael
--
Michael Jung, MSc
Integrated Circuits and Systems Lab
University of Technology, Darmstadt
phone: +49(6151)16-6692 / email: mjung at iss.tu-darmstadt.de

Be liberal in what you accept, and conservative in what you send.
-- Jonathan Postel, Internet Pioneer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dlls_advapi32_crypt_c_1.diff
Type: text/x-diff
Size: 640 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-patches/attachments/20040715/9a808779/dlls_advapi32_crypt_c_1.bin
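
The double release described in the message above, shown as an added example that is not part of the original post or of Wine's source. The names `demo_alloc`, `demo_free`, `acquire_context` and the one-block static "heap" are assumptions made so the second release can be counted instead of reaching a real allocator.

```c
#include <stdio.h>
#include <string.h>

/* Constructed one-block "heap" in static storage, so a stale pointer can be
   passed around safely and a second release is counted, not executed. */
static char slot[64];
static int slot_live;      /* 1 while the block is allocated */
static int double_frees;   /* releases of an already released block */

static void *demo_alloc(void) { slot_live = 1; return slot; }

/* Same contract the message gives for CRYPT_Free/LocalFree:
   NULL in is a no-op, and a successful release returns NULL. */
static void *demo_free(void *p)
{
    if (!p) return NULL;
    if (!slot_live) double_frees++;   /* on a real heap: corruption */
    slot_live = 0;
    return NULL;
}

/* Hypothetical function shaped like the flow in the message. reset != 0 uses
   the patched assignment; fail_late != 0 makes a later step fail.
   Returns how many double frees occurred. */
int acquire_context(int reset, int fail_late)
{
    char *keyname = demo_alloc();
    double_frees = 0;
    strcpy(keyname, "container name");   /* constructed sample value */

    if (reset)
        keyname = (char *)demo_free(keyname);   /* keyname is now NULL */
    else
        demo_free(keyname);                     /* keyname still points at the block */

    if (fail_late) goto error;
    return double_frees;

error:
    demo_free(keyname);   /* cleanup path releases keyname again */
    return double_frees;
}

int main(void)
{
    printf("unpatched: %d double free(s)\n", acquire_context(0, 1));
    printf("patched:   %d double free(s)\n", acquire_context(1, 1));
    return 0;
}
```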