The following issue has been SUBMITTED.
======================================================================
http://www.dbmail.org/mantis/view.php?id=590
======================================================================
Reported By: tss
Assigned To:
======================================================================
Project: DBMail
Issue ID: 590
Category: IMAP daemon
Reproducibility: always
Severity: major
Priority: normal
Status: new
target:
======================================================================
Date Submitted: 12-May-07 01:03 CEST
Last Modified: 12-May-07 01:03 CEST
======================================================================
Summary: double frees in build_args_array_ext()
Description:
Double frees can lead to an exploitable security hole in some conditions..
free_args() can free pointers in the_args[] multiple times if
build_args_array_ext() in an error. This seems to fix it:
static void free_args(void)
{
int i;
for (i = 0; i < MAX_ARGS && the_args[i]; i++) {
dm_free(the_args[i]);
the_args[i] = NULL;
}
}
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
12-May-07 01:03 tss New Issue
======================================================================
_______________________________________________
Dbmail-dev mailing list
[email protected]
http://twister.fastxs.net/mailman/listinfo/dbmail-dev
