From 4817fbc362daa4474e72874eb714dc387ed2e3f8 Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang@gmail.com>
Date: Tue, 24 Feb 2009 16:55:00 -0800
Subject: [PATCH] crypt32: Avoid reading freed memory when encountering a
 cyclic chain.

---
 dlls/crypt32/chain.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 5943117ddda..2e414cdddf8 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -306,7 +306,13 @@ static BOOL CRYPT_AddCertToSimpleChain(PCertificateChainEngine engine,
                  = subjectInfoStatus;
             /* FIXME: initialize the rest of element */
             if (!(chain->cElement % engine->CycleDetectionModulus))
+            {
                 CRYPT_CheckSimpleChainForCycles(chain);
+                /* Reinitialize the element pointer in case the chain is
+                 * cyclic, in which case the chain is truncated.
+                 */
+                element = chain->rgpElement[chain->cElement - 1];
+            }
             CRYPT_CombineTrustStatus(&chain->TrustStatus,
              &element->TrustStatus);
             ret = TRUE;
-- 
2.11.4.GIT