[PATCH 0/1] MR1955: msv1_0: Avoid double free when SpAcceptLsaModeContext fails.
And a previously created context is passed, which may later be destroyed on its own, causing a double free. This happens when running the ntlm tests. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/1955
From: Rémi Bernon <rbernon(a)codeweavers.com> And a previously created context is passed, which may later be destroyed on its own, causing a double free. --- dlls/msv1_0/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dlls/msv1_0/main.c b/dlls/msv1_0/main.c index d416da13465..e4890d00a42 100644 --- a/dlls/msv1_0/main.c +++ b/dlls/msv1_0/main.c @@ -1078,7 +1078,7 @@ static NTSTATUS NTAPI ntlm_SpAcceptLsaModeContext( LSA_SEC_HANDLE cred_handle, L } done: - if (status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) + if (status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED && !ctx_handle) { ntlm_cleanup( ctx ); free( ctx ); -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/1955
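Review bot: The new `&& !ctx_handle` guard on the `done:` cleanup path is the right fix for the double free, but the intent deserves a short comment above the condition, since the reason a non-null `ctx_handle` suppresses `ntlm_cleanup( ctx ); free( ctx );` is not obvious from the hunk alone: when the caller passes an existing context handle, `ctx` is owned by that handle and will be released through its own deletion path, so only a context allocated by this call may be freed here. Something like `/* ctx belongs to the caller's existing context and is freed with it */` would stop a later reader from "simplifying" the check back. It is also worth double-checking that nothing earlier in the function has already modified the caller-owned `ctx` by the time `status` is set to an error, because that state now survives the failed call rather than being torn down; the follow-up note about `ntlm_SpInitLsaModeContext()` needing the same treatment with `!ctx_handle && !input` suggests the ownership rule should be stated once and applied consistently in both functions.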
Looks like ntlm_SpInitLsaModeContext() could use the same treatment, although the condition is different there: !ctx_handle && !input. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/1955#note_20881
participants (2)
- Hans Leidekker (@hans)
- Rémi Bernon