r19865@cathode-dark-space: jaltman | 2007-08-24 10:47:30 -0400
ticket: new
subject: NIM: khcint_remove_space() frees memory too soon
component: windows
The Network Identity Manager Configuration Provider module keeps track
of the application and plug-in configuration settings organized into
configuration spaces. The state of each configuration space is
maintained in a reference counted object. Once all the references are
released, the Configuration Provider will attempt to free the
resources allocated for the object.
If the configuration space was marked for deletion, then the registry
keys associated with the object need to be deleted when the
object is being discarded. Due to a coding error, the memory
allocated for the object would be freed before the associated registry
keys were deleted. This could result in a memory access error.
The patch corrects the code in khcint_remove_space() to free the
allocated memory after all the remaining clean-up steps have been
performed.
ticket: 5686
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20000
dc483132-0cff-0310-8789-
dd5450dbe970
kconf_conf_space * cc;
kconf_conf_space * cn;
kconf_conf_space * p;
+ khm_boolean free_c = FALSE;
/* TODO: if this is the last child space and the parent is marked
for deletion, delete the parent as well. */
cc = TFIRSTCHILD(c);
if (!cc && c->refcount == 0) {
TDELCHILD(p, c);
- khcint_free_space(c);
+ free_c = TRUE;
} else {
c->flags |= (flags &
(KCONF_SPACE_FLAG_DELETE_M |
}
}
+ if (free_c) {
+ khcint_free_space(c);
+ }
+
return KHM_ERROR_SUCCESS;
}
projects / krb5.git / commitdiff