From 3b3386a3fd973ed7f388b1356138941c302848f2 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Tue, 19 Jul 2016 10:53:39 +0900
Subject: [PATCH] scd: Fix race conditions for release_application.

* scd/command.c (do_reset, cmd_restart): Reset app_ctx before calling
release_application.

--
Backport of master commit: 0c1fd4e9884ed7c1edd1819762b9e8a77f606ed3

Thanks to Ben Warren for the report.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 scd/command.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/scd/command.c b/scd/command.c
index 44f0b21bd..24c51c869 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -283,6 +283,7 @@ static void
 do_reset (ctrl_t ctrl, int send_reset)
 {
   int slot = ctrl->reader_slot;
+  struct app_ctx_s *app = ctrl->app_ctx;
 
   if (!(slot == -1 || (slot >= 0 && slot < DIM(slot_table))))
     BUG ();
@@ -290,10 +291,10 @@ do_reset (ctrl_t ctrl, int send_reset)
   /* If there is an active application, release it.  Tell all other
      sessions using the same application to release the
      application.  */
-  if (ctrl->app_ctx)
+  if (app)
     {
-      release_application (ctrl->app_ctx);
       ctrl->app_ctx = NULL;
+      release_application (app);
       if (send_reset)
         {
           struct server_local_s *sl;
@@ -1744,13 +1745,14 @@ static gpg_error_t
 cmd_restart (assuan_context_t ctx, char *line)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
+  struct app_ctx_s *app = ctrl->app_ctx;
 
   (void)line;
 
-  if (ctrl->app_ctx)
+  if (app)
     {
-      release_application (ctrl->app_ctx);
       ctrl->app_ctx = NULL;
+      release_application (app);
     }
   if (locked_session && ctrl->server_local == locked_session)
     {