Bug 3885 - use after free in imap_session_authenticate()
Summary: use after free in imap_session_authenticate()
Status: RESOLVED FIXED
Alias: None
Product: Claws Mail (GTK 2)
Classification: Unclassified
Component: Folders/IMAP (show other bugs)
Version: 3.15.1
Hardware: PC Linux
: P3 normal
Assignee: users
URL:
Depends on:
Blocks:
 
Reported: 2017-08-30 16:19 UTC by Tristan Miller
Modified: 2017-08-30 16:36 UTC (History)
0 users

See Also:

Attachments
Fix use after free in imap_session_authenticate() (328 bytes, patch)
2017-08-30 16:19 UTC, Tristan Miller 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)

Description Tristan Miller 2017-08-30 16:19:36 UTC 
Created attachment 1798 [details]
Fix use after free in imap_session_authenticate()

The function imap_session_authenticate() in imap.c uses a pointer after freeing it:

		if (acc_pass != NULL) {
			g_free(acc_pass);
			memset(acc_pass, 0, strlen(acc_pass));
		}

Attached is a patch (adapted from an openSUSE patch by Ricardo Mones) to fix the issue.
Comment 1 Paul 2017-08-30 16:36:52 UTC 
it was already fixed in git, but thanks anyway :)
Note You need to log in before you can comment on or make changes to this bug.