From a1632696a8730e3102e0e4fa92213b39807daa2f Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Tue, 2 Nov 2010 17:50:39 +0000
Subject: [PATCH] Fixed a possible double free in imap extension (Identified by
 Mateusz Kocielski).

---
 NEWS                | 2 ++
 ext/imap/php_imap.c | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/NEWS b/NEWS
index 53398a64b7..f44206308b 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,8 @@
 - Implemented FR #44164, setting the header "Content-length" implicitly
   disables zlib.output_compression.
 
+- Fixed a possible double free in imap extension (Identified by Mateusz 
+  Kocielski). (Ilia)
 - Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
   (CVE-2010-3709). (Maksymilian Arciemowicz)
 - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 5432d84ff4..408dd8b875 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -1209,10 +1209,12 @@ static void php_imap_do_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 
 	if (IMAPG(imap_user)) {
 		efree(IMAPG(imap_user));
+		IMAPG(imap_user) = 0;
 	}
 
 	if (IMAPG(imap_password)) {
 		efree(IMAPG(imap_password));
+		IMAPG(imap_password) = 0;
 	}
 
 	/* local filename, need to perform open_basedir and safe_mode checks */
-- 
2.40.0