From 2169750afea6e8a50da249a1def1112b95d3003e Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Fri, 4 Jun 2010 14:06:26 +0200
Subject: lockdown: correctly handle activation_record parameter in
 lockdownd_activate

The activation_record was inserted into the request plist and freed at
the end. If the user app then uses plist_free to free the activation
record, it gets an invalid free. By using plist_copy the
activation_record is not touched.
---
 src/lockdown.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lockdown.c b/src/lockdown.c
index ab49a6a..edd47e5 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -1442,7 +1442,7 @@ lockdownd_error_t lockdownd_activate(lockdownd_client_t client, plist_t activati
 	plist_t dict = plist_new_dict();
 	plist_dict_add_label(dict, client->label);
 	plist_dict_insert_item(dict,"Request", plist_new_string("Activate"));
-	plist_dict_insert_item(dict,"ActivationRecord", activation_record);
+	plist_dict_insert_item(dict,"ActivationRecord", plist_copy(activation_record));
 
 	ret = lockdownd_send(client, dict);
 	plist_free(dict);
-- 
cgit v1.1-32-gdbae