Fixed a possible double free in imap extension (Identified by Mateusz Kocielski).

author: Ilia Alshanetsky <iliaa@php.net> 2010-11-02 17:50:39 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2010-11-02 17:50:39 +0000
commit: a1632696a8730e3102e0e4fa92213b39807daa2f (patch)
tree: 74d6e25003a48d913f4df0bb71719f48db946a08
parent: e547a0dfecdd7aa520148a89418c216f7c7efe2a (diff)
download: php-git-a1632696a8730e3102e0e4fa92213b39807daa2f.tar.gz
2 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 53398a64b7..f44206308b 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,8 @@
 - Implemented FR #44164, setting the header "Content-length" implicitly
   disables zlib.output_compression.
 
+- Fixed a possible double free in imap extension (Identified by Mateusz 
+  Kocielski). (Ilia)
 - Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
   (CVE-2010-3709). (Maksymilian Arciemowicz)
 - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 5432d84ff4..408dd8b875 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -1209,10 +1209,12 @@ static void php_imap_do_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 
 	if (IMAPG(imap_user)) {
 		efree(IMAPG(imap_user));
+		IMAPG(imap_user) = 0;
 	}
 
 	if (IMAPG(imap_password)) {
 		efree(IMAPG(imap_password));
+		IMAPG(imap_password) = 0;
 	}
 
 	/* local filename, need to perform open_basedir and safe_mode checks */
author	Ilia Alshanetsky <iliaa@php.net>	2010-11-02 17:50:39 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2010-11-02 17:50:39 +0000
commit	a1632696a8730e3102e0e4fa92213b39807daa2f (patch)
tree	74d6e25003a48d913f4df0bb71719f48db946a08
parent	e547a0dfecdd7aa520148a89418c216f7c7efe2a (diff)
download	php-git-a1632696a8730e3102e0e4fa92213b39807daa2f.tar.gz