-rw-r--r--NEWS4
-rw-r--r--imap.c8
2 files changed, 9 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index 0889eb38..2cea3c34 100644
--- a/NEWS
+++ b/NEWS
@@ -84,6 +84,10 @@ removed from a 6.5.0 or newer release.)
--------------------------------------------------------------------------------
fetchmail-6.4.17 (not yet released):
+# BUG FIXES
+* IMAP client: it used to leak memory for username and password when trying
+ the LOGIN (password-based) authentication and encountered a timeout situation.
+
# CHANGES
* fetchmail.man: now mentions that you may need to add --ssl when specifying
a TLS-wrapped port.
diff --git a/imap.c b/imap.c
index 90c3f92c..a7ddc45f 100644
--- a/imap.c
+++ b/imap.c
@@ -639,11 +639,13 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
|| ctl->server.authenticate == A_PASSWORD)
{
/* these sizes guarantee no buffer overflow */
- char *remotename, *password;
+ static char *remotename, *password; /* XXX FIXME: not thread-safe but is leaky on timeout */
size_t rnl, pwl;
rnl = 2 * strlen(ctl->remotename) + 1;
pwl = 2 * strlen(ctl->password) + 1;
+ if (remotename) xfree(remotename);
remotename = (char *)xmalloc(rnl);
+ if (password) xfree(password);
password = (char *)xmalloc(pwl);
imap_canonicalize(remotename, ctl->remotename, rnl);
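Review bot: The added `if (password) xfree(password);` releases a password copy left over from a timed-out attempt without overwriting it first, whereas the normal exit path in the next hunk overwrites the buffer with 0x55 before freeing it. The leftover copy also stays in the heap from the timeout until imap_getauth is next called. Wipe it before release, for example `if (password) { memset(password, 0x55, strlen(password)); xfree(password); }`; this assumes imap_canonicalize had already filled the buffer when the timeout hit, so confirm that no timeout exit lies between the xmalloc and that call. The XXX comment should also record that the statics keep credential copies alive across calls, not only that they are not thread-safe. The body of imap_getauth starts and ends outside this hunk.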
@@ -654,8 +656,8 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
memset(shroud, 0x55, sizeof(shroud));
shroud[0] = '\0';
memset(password, 0x55, strlen(password));
- free(password);
- free(remotename);
+ xfree(password);
+ xfree(remotename);
if (ok)
{
if(ctl->server.authenticate != A_ANY)
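Review bot: With `remotename` and `password` now static, `xfree(password); xfree(remotename);` is only safe if xfree resets its argument to NULL; otherwise the `if (password) xfree(password);` guard added in the first hunk would free the same block a second time on the next call. xfree is not defined in this diff, so that behaviour should be confirmed and recorded next to the calls, e.g. `/* xfree() NULLs the static pointers, so the next call does not free them again */`. Separately, the `memset(password, 0x55, strlen(password));` just above is followed directly by the free, so an optimizing compiler may treat it as a dead store and drop it; a wipe routine the compiler cannot elide would make the scrub dependable. The enclosing block of imap_getauth continues past the end of this hunk.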