Fixed a possible double free in imap extension (Identified by Mateusz Kocielski).

author: Ilia Alshanetsky <iliaa@php.net> 2010-11-02 17:50:39 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2010-11-02 17:50:39 +0000
commit: 785bf5b31e172a6a29724be362a347674c816a10 (patch)
tree: b120bfc961ff4bcda474431a627eee912c75ed0a
parent: b37ecc1a2d68d9b3cdbace15cae9948e33ae0a53 (diff)
download: php-git-785bf5b31e172a6a29724be362a347674c816a10.tar.gz
2 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index e181465421..d7098489c3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2010, PHP 5.2.15
+- Fixed a possible double free in imap extension (Identified by Mateusz 
+  Kocielski). (Ilia)
 - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
 - Fixed possible crash in mssql_fetch_batch(). (Kalle)
 
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 829276023f..2005d51628 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -794,10 +794,12 @@ static void php_imap_do_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 
 	if (IMAPG(imap_user)) {
 		efree(IMAPG(imap_user));
+		IMAPG(imap_user) = 0;
 	}
 
 	if (IMAPG(imap_password)) {
 		efree(IMAPG(imap_password));
+		IMAPG(imap_password) = 0;
 	}
 
 	/* local filename, need to perform open_basedir and safe_mode checks */
author	Ilia Alshanetsky <iliaa@php.net>	2010-11-02 17:50:39 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2010-11-02 17:50:39 +0000
commit	785bf5b31e172a6a29724be362a347674c816a10 (patch)
tree	b120bfc961ff4bcda474431a627eee912c75ed0a
parent	b37ecc1a2d68d9b3cdbace15cae9948e33ae0a53 (diff)
download	php-git-785bf5b31e172a6a29724be362a347674c816a10.tar.gz