From a964ae7307a9add054349601ee00616594864283 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Fri, 24 Aug 2007 14:47:30 +0000
Subject: [PATCH] NIM: khcint_remove_space() frees memory too soon
The Network Identity Manager Configuration Provider module keeps track of the application and plug-in configuration settings organized into configuration spaces. The state of each configuration space is maintained in a reference counted object. Once all the references are released, the Configuration Provider will attempt to free the resources allocated for the object. If the configuration space was marked for deletion, then the registry keys associated with the object need to be deleted when the object is being discarded. Due to a coding error, the memory allocated for the object would be freed before the associated registry keys were deleted. This could result in a memory access error. The patch corrects the code in khcint_remove_space() to free the allocated memory after all the remaining clean-up steps have been performed.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19865 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/windows/identity/kconfig/api.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/windows/identity/kconfig/api.c b/src/windows/identity/kconfig/api.c
index 6c7ac8e47..f9cd64855 100644
--- a/src/windows/identity/kconfig/api.c
+++ b/src/windows/identity/kconfig/api.c
@@ -2105,6 +2105,7 @@ khcint_remove_space(kconf_conf_space * c, khm_int32 flags) {
 kconf_conf_space * cc;
 kconf_conf_space * cn;
 kconf_conf_space * p;
+ khm_boolean free_c = FALSE;
 /* TODO: if this is the last child space and the parent is marked for deletion, delete the parent as well. */
@@ -2131,7 +2132,7 @@ khcint_remove_space(kconf_conf_space * c, khm_int32 flags) {
 cc = TFIRSTCHILD(c);
 if (!cc && c->refcount == 0) {
 TDELCHILD(p, c);
- khcint_free_space(c);
+ free_c = TRUE;
 } else {
 c->flags |= (flags & (KCONF_SPACE_FLAG_DELETE_M |
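Review bot: The new `free_c = TRUE;` assignment has no comment explaining why the release is deferred, and that ordering is the entire fix. Per the commit description, `c` is still read later in khcint_remove_space() when the registry keys of a space marked for deletion are removed. A comment at the assignment, e.g. `/* c is unlinked but still used below; it is freed just before return */`, would stop a later cleanup from moving `khcint_free_space(c)` back into this branch and reintroducing the use-after-free. The code between this hunk and the final free is outside the hunk, so exactly which fields of `c` it touches cannot be confirmed from here.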
@@ -2170,6 +2171,10 @@ khcint_remove_space(kconf_conf_space * c, khm_int32 flags) {
 }
 }
+ if (free_c) {
+ khcint_free_space(c);
+ }
+ return KHM_ERROR_SUCCESS;
 }
-- 
2.26.2
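Review bot: The deferred `khcint_free_space(c)` is reached only on the fall-through path to the final `return KHM_ERROR_SUCCESS;`. Any earlier `return` between the `TDELCHILD(p, c)` branch and this block would leave `c` unlinked from its parent and never freed. That stretch of khcint_remove_space() lies outside the hunks, so this needs confirming rather than being a known defect; if such exits exist, they should go through one cleanup label that performs the `if (free_c)` release. If the tree manipulation is done under a lock (not visible here), it is also worth confirming that the relocated call still runs while that lock is held, as the original call site presumably did.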