pull up r20040 from trunk

 r20040@cathode-dark-space:  jaltman | 2007-10-01 16:09:55 -0400
 ticket: new
 subject: remove error tables by pointer
 tags: pullup
 target_version: 1.6.3

 On Windows, it is possible for the same DLL to be loaded
 into a process multiple times as separate instances.  Each
 time a DLL is loaded it registers its error tables at different
 locations in the process address space.  Removing the tables
 by base instead of pointer value can result in the error table
 list pointing at invalid memory.

ticket: 5801
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20079 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/util/et/error_message.c b/src/util/et/error_message.c
index 62be6a6e7fc6263018007eee95847d4e06520e49..897b7a24ca1e5ca6415b5504fe1fda3196f05dd0 100644 (file)
--- a/src/util/et/error_message.c
+++ b/src/util/et/error_message.c
@@ -338,17 +338,17 @@ remove_error_table(const struct error_table * et)
     if (merr)
        return merr;
 
-    /* Remove the first occurrance we can find.  Prefer dynamic
+    /* Remove the entry that matches the error table instance.  Prefer dynamic
        entries, but if there are none, check for a static one too.  */
     for (del = &et_list_dynamic; *del; del = &(*del)->next)
-       if ((*del)->table->base == et->base) {
+       if ((*del)->table == et) {
            /*@only@*/ struct dynamic_et_list *old = *del;
            *del = old->next;
            free (old);
            return k5_mutex_unlock(&et_list_lock);
        }
     for (el = &_et_list; *el; el = &(*el)->next)
-       if ((*el)->table != NULL && (*el)->table->base == et->base) {
+       if ((*el)->table == et) {
            struct et_list *old = *el;
            *el = old->next;
            old->next = NULL;