The following issue has been RESOLVED.
======================================================================
http://dbmail.org/mantis/view.php?id=590
======================================================================
Reported By: tss
Assigned To: aaron
======================================================================
Project: DBMail
Issue ID: 590
Category: IMAP daemon
Reproducibility: always
Severity: major
Priority: normal
Status: resolved
target:
Resolution: fixed
Fixed in Version: 2.2.5
======================================================================
Date Submitted: 12-May-07 01:03 CEST
Last Modified: 12-May-07 04:55 CEST
======================================================================
Summary: double frees in build_args_array_ext()
Description:
Double frees can lead to an exploitable security hole in some conditions..
free_args() can free pointers in the_args[] multiple times if
build_args_array_ext() in an error. This seems to fix it:
static void free_args(void)
{
int i;
for (i = 0; i < MAX_ARGS && the_args[i]; i++) {
dm_free(the_args[i]);
the_args[i] = NULL;
}
}
======================================================================
----------------------------------------------------------------------
aaron - 12-May-07 04:55
----------------------------------------------------------------------
Thanks, now in SVN!
Issue History
Date Modified Username Field Change
======================================================================
12-May-07 01:03 tss New Issue
12-May-07 04:55 aaron Status new => resolved
12-May-07 04:55 aaron Fixed in Version => 2.2.5
12-May-07 04:55 aaron Resolution open => fixed
12-May-07 04:55 aaron Assigned To => aaron
12-May-07 04:55 aaron Note Added: 0002160
======================================================================
_______________________________________________
Dbmail-dev mailing list
[email protected]
http://twister.fastxs.net/mailman/listinfo/dbmail-dev
