don't crash if the API is used incorrectly

diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c
index 6aa94e2e006316eea91c5022076b69860482f6ee..d4ccd0034642067305d9b573e8fab8bd7123cd0f 100644 (file)
--- a/ext/mysqlnd/mysqlnd.c
+++ b/ext/mysqlnd/mysqlnd.c
@@ -1971,15 +1971,19 @@ MYSQLND_METHOD(mysqlnd_conn, change_user)(MYSQLND * const conn,
                }
        }
        if (ret == PASS) {
+               char * tmp = NULL;
+               /* if we get conn->user as parameter and then we first free it, then estrndup it, we will crash */
+               tmp = mnd_pestrndup(user, user_len, conn->persistent);
                if (conn->user) {
                        mnd_pefree(conn->user, conn->persistent);
                }
-               conn->user = mnd_pestrndup(user, user_len, conn->persistent);
+               conn->user = tmp;
 
+               tmp = mnd_pestrdup(passwd, conn->persistent);
                if (conn->passwd) {
                        mnd_pefree(conn->passwd, conn->persistent);
                }
-               conn->passwd = mnd_pestrdup(passwd, conn->persistent);
+               conn->passwd = tmp;
 
                if (conn->last_message) {
                        mnd_pefree(conn->last_message, conn->persistent);