Prevent heap corruption in CryptAcquireContext

Michael Jung mjung at
Thu Jul 15 03:59:31 CDT 2004


this is a resubmit of a simple patch I've sent yesterday, but which was not 
applied to cvs. I would like to give some detail on it: There is a section of 
code labeled "error:" at the end of CryptAcquireContext, which releases 
occupied resources in the case of an error. Amongst others, the allocated 
memory pointed to by "keyname" is released. However, in some cases keyname is 
released twice, once in the normal code and once in the error cleanup code. 
CRYPT_Free uses LocalFree, which returns "NULL" if the memory was 
successfully released. And it does basically nothing if it is called with a 
"NULL" pointer. This means that by executing "keyname = 
(PSTR)CRYPT_Free(keyname)" the second call to CRYPT_Free does basically 
nothing, which is better than corrupting the heap ;)


Michael Jung, MSc                               Be liberal in what you accept,
Integrated Circuits and Systems Lab         and conservative in what you send. 
University of Technology, Darmstadt       -- Jonathan Postel, Internet Pioneer
phone: +49(6151)16-6692 / email: mjung at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dlls_advapi32_crypt_c_1.diff
Type: text/x-diff
Size: 640 bytes
Desc: not available
Url :

More information about the wine-patches mailing list