iliaa                                    Tue, 02 Nov 2010 17:50:39 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=305032

Log:
Fixed a possible double free in imap extension (Identified by Mateusz 
Kocielski).

Changed paths:
    U   php/php-src/branches/PHP_5_2/NEWS
    U   php/php-src/branches/PHP_5_2/ext/imap/php_imap.c
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/imap/php_imap.c
    U   php/php-src/trunk/ext/imap/php_imap.c

Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS   2010-11-02 17:44:23 UTC (rev 305031)
+++ php/php-src/branches/PHP_5_2/NEWS   2010-11-02 17:50:39 UTC (rev 305032)
@@ -1,6 +1,8 @@
 ´╗┐PHP                                                                        
NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2010, PHP 5.2.15
+- Fixed a possible double free in imap extension (Identified by Mateusz
+  Kocielski). (Ilia)
 - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
 - Fixed possible crash in mssql_fetch_batch(). (Kalle)


Modified: php/php-src/branches/PHP_5_2/ext/imap/php_imap.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/imap/php_imap.c    2010-11-02 17:44:23 UTC 
(rev 305031)
+++ php/php-src/branches/PHP_5_2/ext/imap/php_imap.c    2010-11-02 17:50:39 UTC 
(rev 305032)
@@ -794,10 +794,12 @@

        if (IMAPG(imap_user)) {
                efree(IMAPG(imap_user));
+               IMAPG(imap_user) = 0;
        }

        if (IMAPG(imap_password)) {
                efree(IMAPG(imap_password));
+               IMAPG(imap_password) = 0;
        }

        /* local filename, need to perform open_basedir and safe_mode checks */
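Review bot: The two added resets assign the integer `0` to pointer globals; `IMAPG(imap_user) = NULL;` and `IMAPG(imap_password) = NULL;` state the intent more clearly. A short comment such as `/* reset so an early return below cannot leave a dangling pointer that is freed again */` would record why the reset matters. Separately, the password buffer is released with `efree()` without being overwritten, so the credential bytes presumably remain in the freed heap block; scrubbing it before the free would limit that exposure. The same points apply to the identical hunks for branches/PHP_5_3 and trunk. The enclosing function starts and ends outside the hunk, so whether other paths free these globals without resetting them cannot be confirmed from here.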

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2010-11-02 17:44:23 UTC (rev 305031)
+++ php/php-src/branches/PHP_5_3/NEWS   2010-11-02 17:50:39 UTC (rev 305032)
@@ -22,6 +22,8 @@
 - Implemented FR #44164, setting the header "Content-length" implicitly
   disables zlib.output_compression.

+- Fixed a possible double free in imap extension (Identified by Mateusz
+  Kocielski). (Ilia)
 - Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
   (CVE-2010-3709). (Maksymilian Arciemowicz)
 - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)

Modified: php/php-src/branches/PHP_5_3/ext/imap/php_imap.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/imap/php_imap.c    2010-11-02 17:44:23 UTC 
(rev 305031)
+++ php/php-src/branches/PHP_5_3/ext/imap/php_imap.c    2010-11-02 17:50:39 UTC 
(rev 305032)
@@ -1209,10 +1209,12 @@

        if (IMAPG(imap_user)) {
                efree(IMAPG(imap_user));
+               IMAPG(imap_user) = 0;
        }

        if (IMAPG(imap_password)) {
                efree(IMAPG(imap_password));
+               IMAPG(imap_password) = 0;
        }

        /* local filename, need to perform open_basedir and safe_mode checks */

Modified: php/php-src/trunk/ext/imap/php_imap.c
===================================================================
--- php/php-src/trunk/ext/imap/php_imap.c       2010-11-02 17:44:23 UTC (rev 
305031)
+++ php/php-src/trunk/ext/imap/php_imap.c       2010-11-02 17:50:39 UTC (rev 
305032)
@@ -1209,10 +1209,12 @@

        if (IMAPG(imap_user)) {
                efree(IMAPG(imap_user));
+               IMAPG(imap_user) = 0;
        }

        if (IMAPG(imap_password)) {
                efree(IMAPG(imap_password));
+               IMAPG(imap_password) = 0;
        }

        /* local filename, need to perform open_basedir check */
