From: Ilia Alshanetsky <iliaa@php.net>
Date: Tue, 2 Nov 2010 17:50:39 +0000 (+0000)
Subject: Fixed a possible double free in imap extension (Identified by Mateusz Kocielski).
X-Git-Tag: php-5.3.4RC1~92
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a1632696a8730e3102e0e4fa92213b39807daa2f;p=php

Fixed a possible double free in imap extension (Identified by Mateusz Kocielski).
---

diff --git a/NEWS b/NEWS
index 53398a64b7..f44206308b 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,8 @@
 - Implemented FR #44164, setting the header "Content-length" implicitly
   disables zlib.output_compression.
 
+- Fixed a possible double free in imap extension (Identified by Mateusz 
+  Kocielski). (Ilia)
 - Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
   (CVE-2010-3709). (Maksymilian Arciemowicz)
 - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 5432d84ff4..408dd8b875 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -1209,10 +1209,12 @@ static void php_imap_do_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 
 	if (IMAPG(imap_user)) {
 		efree(IMAPG(imap_user));
+		IMAPG(imap_user) = 0;
 	}
 
 	if (IMAPG(imap_password)) {
 		efree(IMAPG(imap_password));
+		IMAPG(imap_password) = 0;
 	}
 
 	/* local filename, need to perform open_basedir and safe_mode checks */