From e5b781e0e41a99f275449d109d268186e09f3e61 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Fri, 28 Sep 2007 23:38:53 +0000 Subject: [PATCH] pull up r19865 from trunk r19865@cathode-dark-space: jaltman | 2007-08-24 10:47:30 -0400 ticket: new subject: NIM: khcint_remove_space() frees memory too soon component: windows The Network Identity Manager Configuration Provider module keeps track of the application and plug-in configuration settings organized into configuration spaces. The state of each configuration space is maintained in a reference counted object. Once all the references are released, the Configuration Provider will attempt to free the resources allocated for the object. If the configuration space was marked for deletion, then the registry keys associated with the object need to be deleted when the object is being discarded. Due to a coding error, the memory allocated for the object would be freed before the associated registry keys were deleted. This could result in a memory access error. The patch corrects the code in khcint_remove_space() to free the allocated memory after all the remaining clean-up steps have been performed. ticket: 5686 version_fixed: 1.6.3 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20000 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/windows/identity/kconfig/api.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/windows/identity/kconfig/api.c b/src/windows/identity/kconfig/api.c
index 6c7ac8e47..f9cd64855 100644
--- a/src/windows/identity/kconfig/api.c
+++ b/src/windows/identity/kconfig/api.c
@@ -2105,6 +2105,7 @@ khcint_remove_space(kconf_conf_space * c, khm_int32 flags) {
 kconf_conf_space * cc;
 kconf_conf_space * cn;
 kconf_conf_space * p;
+ khm_boolean free_c = FALSE;
 /* TODO: if this is the last child space and the parent is marked for deletion, delete the parent as well. */
@@ -2131,7 +2132,7 @@ khcint_remove_space(kconf_conf_space * c, khm_int32 flags) {
 cc = TFIRSTCHILD(c);
 if (!cc && c->refcount == 0) {
 TDELCHILD(p, c);
- khcint_free_space(c);
+ free_c = TRUE;
 } else {
 c->flags |= (flags & (KCONF_SPACE_FLAG_DELETE_M |
@@ -2170,6 +2171,10 @@ khcint_remove_space(kconf_conf_space * c, khm_int32 flags) { } } + if (free_c) { + khcint_free_space(c); + } + return KHM_ERROR_SUCCESS; } -- 2.26.2
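Review bot: The new `free_c = TRUE;` line carries no comment saying why the free is postponed, so a later tidy-up could move `khcint_free_space(c)` back next to `TDELCHILD(p, c)` and reintroduce the use-after-free the commit message describes. A comment on this line would pin the invariant, for example `/* c is still read by the registry clean-up below; it is freed at the end of the function */`. The statements that read `c` between this branch and the deferred free are outside the hunk, so which fields they touch cannot be confirmed from here.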
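Review bot: After the earlier hunk unlinks `c` with `TDELCHILD(p, c)`, this `if (free_c)` block appears to be the only place that releases it, so any return between the two that skips the block would leak the object. The intervening lines are outside the hunk and should be checked for early returns. The function also returns `KHM_ERROR_SUCCESS` whether or not `c` was freed, so a caller cannot tell from the result that its pointer is no longer valid. The function's header comment, which is not visible here, should state that contract, for example `/* On return c may have been freed; callers must not dereference it afterwards. */`.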