[PATCH v2 0/1] MR1821: bcrypt: Use volatile type cast to zero magic values before free.
The compiler may optimize out the assignment before free and then second free on the bcrypt handle finds magic values in the freed memory. -- v2: bcrypt: Use SecureZeroMemory() to zero magic values before free. https://gitlab.winehq.org/wine/wine/-/merge_requests/1821
From: Paul Gofman <gofmanp(a)gmail.com> The compiler may optimize out the assignment before free and then second free on the bcrypt handle finds magic values in the freed memory. --- dlls/bcrypt/bcrypt_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c index 72501faf90e..cf05e8b4d44 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -397,7 +397,7 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, const WC static void destroy_object( struct object *obj ) { - obj->magic = 0; + SecureZeroMemory( &obj->magic, sizeof(obj->magic) ); free( obj ); } -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/1821
v2: - Use SecureZeroMemory() instead of (volatile) cast. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/1821#note_19688
participants (2)
-
Paul Gofman -
Paul Gofman (@gofman)