And a previously created context is passed, which may later be destroyed on its own, causing a double free.
This happens when running the ntlm tests.
--
v2: msv1_0: Avoid double free when SpInitLsaModeContext fails.
    msv1_0: Avoid double free when SpAcceptLsaModeContext fails.

From: Rémi Bernon <rbernon@codeweavers.com>
And a previously created context is passed, which may later be destroyed on its own, causing a double free. --- dlls/msv1_0/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/msv1_0/main.c b/dlls/msv1_0/main.c index d416da13465..e4890d00a42 100644 --- a/dlls/msv1_0/main.c +++ b/dlls/msv1_0/main.c @@ -1078,7 +1078,7 @@ static NTSTATUS NTAPI ntlm_SpAcceptLsaModeContext( LSA_SEC_HANDLE cred_handle, L }
done: - if (status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) + if (status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED && !ctx_handle) { ntlm_cleanup( ctx ); free( ctx );
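Review bot: the new `!ctx_handle` test in the `done:` condition of ntlm_SpAcceptLsaModeContext stands in for "ctx was allocated by this call", but nothing at that spot says so. A one-line comment above the condition, or a local flag set where ctx is allocated and tested here instead, would keep the ownership rule visible to whoever edits the error path next. The commit message would also be easier to follow if it said that a passed-in context stays owned by the caller on failure, since the matching fix in ntlm_SpInitLsaModeContext uses a different condition (`!ctx_handle && !input`).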
From: Rémi Bernon <rbernon@codeweavers.com>
--- dlls/msv1_0/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/msv1_0/main.c b/dlls/msv1_0/main.c index e4890d00a42..a877d974486 100644 --- a/dlls/msv1_0/main.c +++ b/dlls/msv1_0/main.c @@ -862,7 +862,7 @@ static NTSTATUS NTAPI ntlm_SpInitLsaModeContext( LSA_SEC_HANDLE cred_handle, LSA }
done: - if (status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) + if (status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED && !ctx_handle && !input) { ntlm_cleanup( ctx ); free( ctx );
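Review bot: the `done:` condition in ntlm_SpInitLsaModeContext now requires both `!ctx_handle` and `!input` before running `ntlm_cleanup( ctx ); free( ctx );`, while the accept-side fix tests only `!ctx_handle`, and this commit has no message body explaining why the extra `!input` clause is needed here. If ctx can be allocated in this call on a path where either value is non-NULL, the failure path now skips the cleanup and leaks it. Please describe in the commit message which calls allocate ctx, and consider a local flag set at the allocation site so the cleanup condition does not have to be inferred from the arguments.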
This merge request was approved by Hans Leidekker.