Summary: | use after free in imap_session_authenticate() | ||||||
---|---|---|---|---|---|---|---|
Product: | Claws Mail (GTK 2) | Reporter: | Tristan Miller <psychonaut> | ||||
Component: | Folders/IMAP | Assignee: | users | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | normal | ||||||
Priority: | P3 | ||||||
Version: | 3.15.1 | ||||||
Hardware: | PC | ||||||
OS: | Linux | ||||||
Attachments: |
|
it was already fixed in git, but thanks anyway :) |
Created attachment 1798 [details] Fix use after free in imap_session_authenticate() The function imap_session_authenticate() in imap.c uses a pointer after freeing it: if (acc_pass != NULL) { g_free(acc_pass); memset(acc_pass, 0, strlen(acc_pass)); } Attached is a patch (adapted from an openSUSE patch by Ricardo Mones) to fix the issue.