From 0c1fd4e9884ed7c1edd1819762b9e8a77f606ed3 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Tue, 19 Jul 2016 10:53:39 +0900
Subject: [PATCH] scd: Fix race conditions for release_application.

* scd/command.c (do_reset, cmd_restart): Reset app_ctx before calling
release_application.

--

Thanks to Ben Warren for the report.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 scd/command.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/scd/command.c b/scd/command.c
index a4a2ba056..5842ee752 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -261,6 +261,7 @@ do_reset (ctrl_t ctrl, int send_reset)
   int vrdr = ctrl->server_local->vreader_idx;
   int slot;
   int err;
+  struct app_ctx_s *app = ctrl->app_ctx;
 
   if (!(vrdr == -1 || (vrdr >= 0 && vrdr < DIM(vreader_table))))
     BUG ();
@@ -268,10 +269,10 @@ do_reset (ctrl_t ctrl, int send_reset)
   /* If there is an active application, release it.  Tell all other
      sessions using the same application to release the
      application.  */
-  if (ctrl->app_ctx)
+  if (app)
     {
-      release_application (ctrl->app_ctx);
       ctrl->app_ctx = NULL;
+      release_application (app);
       if (send_reset)
         {
           struct server_local_s *sl;
@@ -1742,13 +1743,14 @@ static gpg_error_t
 cmd_restart (assuan_context_t ctx, char *line)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
+  struct app_ctx_s *app = ctrl->app_ctx;
 
   (void)line;
 
-  if (ctrl->app_ctx)
+  if (app)
     {
-      release_application (ctrl->app_ctx);
       ctrl->app_ctx = NULL;
+      release_application (app);
     }
   if (locked_session && ctrl->server_local == locked_session)
     {