diff options
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/imap/php_imap.c | 2 |
2 files changed, 4 insertions, 0 deletions
@@ -22,6 +22,8 @@ - Implemented FR #44164, setting the header "Content-length" implicitly disables zlib.output_compression. +- Fixed a possible double free in imap extension (Identified by Mateusz + Kocielski). (Ilia) - Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz) - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c index 5432d84ff4..408dd8b875 100644 --- a/ext/imap/php_imap.c +++ b/ext/imap/php_imap.c @@ -1209,10 +1209,12 @@ static void php_imap_do_open(INTERNAL_FUNCTION_PARAMETERS, int persistent) if (IMAPG(imap_user)) { efree(IMAPG(imap_user)); + IMAPG(imap_user) = 0; } if (IMAPG(imap_password)) { efree(IMAPG(imap_password)); + IMAPG(imap_password) = 0; } /* local filename, need to perform open_basedir and safe_mode checks */ |