From 2639fb870dfbf99a4954404bd1b4c25b60b8a7bc Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Fri, 4 Jun 2010 14:06:26 +0200
Subject: lockdown: correctly handle activation_record parameter in lockdownd_activate The activation_record was inserted into the request plist and freed at the end. If the user app then uses plist_free to free the activation record, it gets an invalid free. By using plist_copy the activation_record is not touched.
---
 src/lockdown.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lockdown.c b/src/lockdown.c
index 341fbde..49a42e5 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -1445,7 +1445,7 @@ lockdownd_error_t lockdownd_activate(lockdownd_client_t client, plist_t activati
 plist_t dict = plist_new_dict();
 plist_dict_add_label(dict, client->label);
 plist_dict_insert_item(dict,"Request", plist_new_string("Activate"));
- plist_dict_insert_item(dict,"ActivationRecord", activation_record);
+ plist_dict_insert_item(dict,"ActivationRecord", plist_copy(activation_record));
 ret = lockdownd_send(client, dict);
 plist_free(dict);
-- cgit v1.1-32-gdbae
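Review bot: The result of `plist_copy(activation_record)` on the new line is handed straight to `plist_dict_insert_item` without a check, so a NULL `activation_record` or a failed copy would, as far as this hunk shows, still reach `lockdownd_send` with a missing or invalid ActivationRecord entry. The start of lockdownd_activate lies outside the hunk, so an argument check may already exist there; if it does not, `if (!activation_record) return LOCKDOWN_E_INVALID_ARG;` before the dict is built would cover the NULL case. Because the fix changes who owns the record, the function's doc comment should state the contract, e.g. `@param activation_record The activation record plist; the caller keeps ownership and must free it.`, so callers written against the old behaviour do not now leak it.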