]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e547a0d)
Fixed a possible double free in imap extension (Identified by Mateusz Kocielski).
authorIlia Alshanetsky <iliaa@php.net>
Tue, 2 Nov 2010 17:50:39 +0000 (17:50 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Tue, 2 Nov 2010 17:50:39 +0000 (17:50 +0000)
NEWS patch | blob | history
ext/imap/php_imap.c patch | blob | history

diff --git a/NEWS b/NEWS
index 53398a64b7b9ddf7e41c4e6a6e17509d1733236b..f44206308b0955d473920178863ba1072ff02bec 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,8 @@
 - Implemented FR #44164, setting the header "Content-length" implicitly
   disables zlib.output_compression.
 
+- Fixed a possible double free in imap extension (Identified by Mateusz 
+  Kocielski). (Ilia)
 - Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
   (CVE-2010-3709). (Maksymilian Arciemowicz)
 - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 5432d84ff47c655c96693eb2c975b73a2b503684..408dd8b8759f952387b1c5788ba3fbdf82edfda8 100644 (file)
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -1209,10 +1209,12 @@ static void php_imap_do_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 
        if (IMAPG(imap_user)) {
                efree(IMAPG(imap_user));
+               IMAPG(imap_user) = 0;
        }
 
        if (IMAPG(imap_password)) {
                efree(IMAPG(imap_password));
+               IMAPG(imap_password) = 0;
        }
 
        /* local filename, need to perform open_basedir and safe_mode checks */
Unnamed repository; edit this file 'description' to name the repository.