[Users] [Bug 3885] New: use after free in imap_session_authenticate()
noreply at thewildbeast.co.uk
noreply at thewildbeast.co.uk
Wed Aug 30 16:19:36 CEST 2017
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3885
Bug ID: 3885
Summary: use after free in imap_session_authenticate()
Classification: Unclassified
Product: Claws Mail
Version: 3.15.1
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P3
Component: Folders/IMAP
Assignee: users at lists.claws-mail.org
Reporter: psychonaut at nothingisreal.com
Created attachment 1798
-->
http://www.thewildbeast.co.uk/claws-mail/bugzilla/attachment.cgi?id=1798&action=edit
Fix use after free in imap_session_authenticate()
The function imap_session_authenticate() in imap.c uses a pointer after freeing
it:
if (acc_pass != NULL) {
g_free(acc_pass);
memset(acc_pass, 0, strlen(acc_pass));
}
Attached is a patch (adapted from an openSUSE patch by Ricardo Mones) to fix
the issue.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Users
mailing list