From 0d022ddf03c5fabaaa22e486d1e4a367ed9170a7 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Mon, 12 Oct 2020 10:36:18 +0200
Subject: Fix #80220: imap_mail_compose() may leak memory

Unless `topbod` is of `TYPEMULTIPART`, `mail_free_body()` does not free
the `nested.part`; while we could do this ourselves, instead we just
ignore additional bodies in this case, i.e. we don't attach them in the
first place.

Closes GH-6321.
---
 ext/imap/php_imap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ext')

diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 7901777f81..0cf350e907 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -3714,7 +3714,7 @@ PHP_FUNCTION(imap_mail_compose)
 				convert_to_string_ex(pvalue);
 				bod->md5 = cpystr(Z_STRVAL_P(pvalue));
 			}
-		} else if (Z_TYPE_P(data) == IS_ARRAY) {
+		} else if (Z_TYPE_P(data) == IS_ARRAY && topbod->type == TYPEMULTIPART) {
 			short type = -1;
 			SEPARATE_ARRAY(data);
 			if ((pvalue = zend_hash_str_find(Z_ARRVAL_P(data), "type", sizeof("type") - 1)) != NULL) {
-- 
cgit v1.2.1