secur32/schannel: Avoid use-after-free in AcquireClientCredentials() (Coverity).

Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

secur32/schannel: Avoid use-after-free in AcquireClientCredentials() (Coverity).
e44a9d2c · Nikolay Sivov · Alexandre Julliard · 70d119b7 · e44a9d2c
Commit e44a9d2c authored Jun 04, 2022 by Nikolay Sivov Committed by Alexandre Julliard Jun 06, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

schannel.c dlls/secur32/schannel.c +2 -2

No files found.
--- a/dlls/secur32/schannel.c
+++ b/dlls/secur32/schannel.c
@@ -589,8 +589,9 @@ static SECURITY_STATUS schan_AcquireClientCredentials(const void *schanCred,
    }
    params.key_size = key_size;
    params.key_blob = key_blob;
-    if (GNUTLS_CALL( allocate_certificate_credentials, &params )) goto fail;
+    status = GNUTLS_CALL( allocate_certificate_credentials, &params );
    free(key_blob);
+    if (status) goto fail;

    handle = schan_alloc_handle(creds, SCHAN_HANDLE_CRED);
    if (handle == SCHAN_INVALID_HANDLE) goto fail;
@@ -609,7 +610,6 @@ static SECURITY_STATUS schan_AcquireClientCredentials(const void *schanCred,

 fail:
    free(creds);
-    free(key_blob);
    return SEC_E_INTERNAL_ERROR;
 }