iliaa Tue, 02 Nov 2010 17:50:39 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=305032
Log:
Fixed a possible double free in imap extension (Identified by Mateusz
Kocielski).
Changed paths:
U php/php-src/branches/PHP_5_2/NEWS
U php/php-src/branches/PHP_5_2/ext/imap/php_imap.c
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/imap/php_imap.c
U php/php-src/trunk/ext/imap/php_imap.c
Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS 2010-11-02 17:44:23 UTC (rev 305031)
+++ php/php-src/branches/PHP_5_2/NEWS 2010-11-02 17:50:39 UTC (rev 305032)
@@ -1,6 +1,8 @@
PHP
NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2010, PHP 5.2.15
+- Fixed a possible double free in imap extension (Identified by Mateusz
+ Kocielski). (Ilia)
- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
- Fixed possible crash in mssql_fetch_batch(). (Kalle)
Modified: php/php-src/branches/PHP_5_2/ext/imap/php_imap.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/imap/php_imap.c 2010-11-02 17:44:23 UTC
(rev 305031)
+++ php/php-src/branches/PHP_5_2/ext/imap/php_imap.c 2010-11-02 17:50:39 UTC
(rev 305032)
@@ -794,10 +794,12 @@
if (IMAPG(imap_user)) {
efree(IMAPG(imap_user));
+ IMAPG(imap_user) = 0;
}
if (IMAPG(imap_password)) {
efree(IMAPG(imap_password));
+ IMAPG(imap_password) = 0;
}
/* local filename, need to perform open_basedir and safe_mode checks */
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2010-11-02 17:44:23 UTC (rev 305031)
+++ php/php-src/branches/PHP_5_3/NEWS 2010-11-02 17:50:39 UTC (rev 305032)
@@ -22,6 +22,8 @@
- Implemented FR #44164, setting the header "Content-length" implicitly
disables zlib.output_compression.
+- Fixed a possible double free in imap extension (Identified by Mateusz
+ Kocielski). (Ilia)
- Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
(CVE-2010-3709). (Maksymilian Arciemowicz)
- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
Modified: php/php-src/branches/PHP_5_3/ext/imap/php_imap.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/imap/php_imap.c 2010-11-02 17:44:23 UTC
(rev 305031)
+++ php/php-src/branches/PHP_5_3/ext/imap/php_imap.c 2010-11-02 17:50:39 UTC
(rev 305032)
@@ -1209,10 +1209,12 @@
if (IMAPG(imap_user)) {
efree(IMAPG(imap_user));
+ IMAPG(imap_user) = 0;
}
if (IMAPG(imap_password)) {
efree(IMAPG(imap_password));
+ IMAPG(imap_password) = 0;
}
/* local filename, need to perform open_basedir and safe_mode checks */
Modified: php/php-src/trunk/ext/imap/php_imap.c
===================================================================
--- php/php-src/trunk/ext/imap/php_imap.c 2010-11-02 17:44:23 UTC (rev
305031)
+++ php/php-src/trunk/ext/imap/php_imap.c 2010-11-02 17:50:39 UTC (rev
305032)
@@ -1209,10 +1209,12 @@
if (IMAPG(imap_user)) {
efree(IMAPG(imap_user));
+ IMAPG(imap_user) = 0;
}
if (IMAPG(imap_password)) {
efree(IMAPG(imap_password));
+ IMAPG(imap_password) = 0;
}
/* local filename, need to perform open_basedir check */
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
