1 files changed, 12 insertions, 8 deletions

diff --git a/libshouldbeinlibc/exec-reauth.c b/libshouldbeinlibc/exec-reauth.c
index 2b068684..dd267ef7 100644
--- a/libshouldbeinlibc/exec-reauth.c
+++ b/libshouldbeinlibc/exec-reauth.c
@@ -1,6 +1,6 @@
 /* Re-authentication in preparation for an exec
 
-   Copyright (C) 1995, 1996 Free Software Foundation, Inc.
+   Copyright (C) 1995, 96, 98, 2000 Free Software Foundation, Inc.
 
    Stolen by Miles Bader <miles@gnu.ai.mit.edu>, but really
      written by Michael I. Bushnell p/BSG  <mib@gnu.ai.mit.edu>
@@ -54,9 +54,12 @@ exec_reauth (auth_t auth, int secure, int must_reauth,
 	    (isproc ? proc_reauthenticate : io_reauthenticate)
 	      (*port, ref, MACH_MSG_TYPE_MAKE_SEND);
 
+	  /* MAKE_SEND is safe here because we destroy REF ourselves. */
+
 	  if (!err)
 	    err = auth_user_authenticate (auth, ref, MACH_MSG_TYPE_MAKE_SEND,
 					  &newport);
+	  mach_port_destroy (mach_task_self (), ref);
 	  if (err)
 	    {
 	      if (must_reauth)
@@ -73,22 +76,23 @@ exec_reauth (auth_t auth, int secure, int must_reauth,
 		  *port = newport;
 		}
 	    }
-	  mach_port_destroy (mach_task_self (), ref);
 	}
       return 0;
     }
-      
+
   /* Re-authenticate all the ports we are handing to the user
      with this new port, and install the new auth port in ports. */
   for (i = 0; i < num_fds && !err; ++i)
     err = reauth (&fds[i], 0);
 
   if (!err)
-    if (secure)
-      /* Not worth doing; the exec server will just do it again.  */
-      ports[INIT_PORT_CRDIR] = MACH_PORT_NULL;
-    else
-      err = reauth (&ports[INIT_PORT_CRDIR], 0);
+    {
+      if (secure)
+	/* Not worth doing; the exec server will just do it again.  */
+	ports[INIT_PORT_CRDIR] = MACH_PORT_NULL;
+      else
+	err = reauth (&ports[INIT_PORT_CRDIR], 0);
+    }
   if (!err)
     err = reauth (&ports[INIT_PORT_PROC], 1);
   if (!err)