From 55c6df28a821502ec2e10a907c32ac52684f1bf8 Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer <pierre@reactos.org>
Date: Sun, 27 Apr 2014 18:29:06 +0000
Subject: [PATCH] [RAPPS] - Fix memory leaks - Fix null-pointer dereference -
 Fix user-after-free

CID #1206908
CID #1206915
CID #1206921
CID #1207022

svn path=/trunk/; revision=63021
---
 reactos/base/applications/rapps/available.c | 4 ++++
 reactos/base/applications/rapps/loaddlg.c   | 9 +++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/reactos/base/applications/rapps/available.c b/reactos/base/applications/rapps/available.c
index effde531fa3..22ba9c608f3 100644
--- a/reactos/base/applications/rapps/available.c
+++ b/reactos/base/applications/rapps/available.c
@@ -179,12 +179,16 @@ EnumAvailableApplications(INT EnumType, AVAILENUMPROC lpEnumProc)
     if (!GetLocaleInfoW(GetUserDefaultLCID(), LOCALE_ILANGUAGE,
                         szLocale, sizeof(szLocale) / sizeof(WCHAR)))
     {
+        FindClose(hFind);
         return FALSE;
     }
 
     hr = StringCbCatW(szSectionLocale, sizeof(szSectionLocale), szLocale);
     if (FAILED(hr))
+    {
+        FindClose(hFind);
         return FALSE;
+    }
 
 #define GET_STRING1(a, b)  \
     if (!ParserGetString(szSectionLocale, a, b, MAX_PATH, FindFileData.cFileName)) \
diff --git a/reactos/base/applications/rapps/loaddlg.c b/reactos/base/applications/rapps/loaddlg.c
index 316c86b4f5d..8471c6f3c95 100644
--- a/reactos/base/applications/rapps/loaddlg.c
+++ b/reactos/base/applications/rapps/loaddlg.c
@@ -205,7 +205,7 @@ static
 DWORD WINAPI
 ThreadFunc(LPVOID Context)
 {
-    IBindStatusCallback *dl;
+    IBindStatusCallback *dl = NULL;
     WCHAR path[MAX_PATH];
     LPWSTR p;
     HWND Dlg = (HWND) Context;
@@ -262,6 +262,7 @@ ThreadFunc(LPVOID Context)
     /* download it */
     bTempfile = TRUE;
     dl = CreateDl(Context, &bCancelled);
+    if (dl == NULL) goto end;
 
     hOpen = InternetOpenW(lpszAgent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
     if (!hOpen) goto end;
@@ -282,9 +283,7 @@ ThreadFunc(LPVOID Context)
         IBindStatusCallback_OnProgress(dl, dwCurrentBytesRead, dwContentLen, 0, AppInfo->szUrlDownload);
     }
     while (dwBytesRead);
-    
-    CloseHandle(hOut);
-    if (dl) IBindStatusCallback_Release(dl);
+
     if (bCancelled) goto end;
 
     ShowWindow(Dlg, SW_HIDE);
@@ -299,6 +298,8 @@ end:
     InternetCloseHandle(hFile);
     InternetCloseHandle(hOpen);
 
+    if (dl) IBindStatusCallback_Release(dl);
+
     if (bTempfile)
     {
         if (bCancelled || (SettingsInfo.bDelInstaller && !bCab))