From 38653ec3ca6665dfde1ea94f094b00a5c06fcc4f Mon Sep 17 00:00:00 2001
From: Matthias Andree
Date: Sun, 14 Feb 2021 10:39:42 +0100
Subject: imap.c: fix memory leak in timeout situation for LOGIN auth

...which uses siglongjmp() so that gen_transact() will not return.

Note, just in case, this uses local static buffers and is not thread-safe.
---
 NEWS | 4 ++++
 imap.c | 8 +++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index 0889eb38..2cea3c34 100644
--- a/NEWS
+++ b/NEWS
@@ -84,6 +84,10 @@ removed from a 6.5.0 or newer release.)
 --------------------------------------------------------------------------------
 fetchmail-6.4.17 (not yet released):
+# BUG FIXES
+* IMAP client: it used to leak memory for username and password when trying
+ the LOGIN (password-based) authentication and encountered a timeout situation.
+
 # CHANGES
 * fetchmail.man: now mentions that you may need to add --ssl when specifying
 a TLS-wrapped port.
diff --git a/imap.c b/imap.c
index 90c3f92c..a7ddc45f 100644
--- a/imap.c
+++ b/imap.c
@@ -639,11 +639,13 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 || ctl->server.authenticate == A_PASSWORD)
 {
 /* these sizes guarantee no buffer overflow */
- char *remotename, *password;
+ static char *remotename, *password; /* XXX FIXME: not thread-safe but is leaky on timeout */
 size_t rnl, pwl;
 rnl = 2 * strlen(ctl->remotename) + 1;
 pwl = 2 * strlen(ctl->password) + 1;
+ if (remotename) xfree(remotename);
 remotename = (char *)xmalloc(rnl);
+ if (password) xfree(password);
 password = (char *)xmalloc(pwl);
 imap_canonicalize(remotename, ctl->remotename, rnl);
@@ -654,8 +656,8 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 memset(shroud, 0x55, sizeof(shroud));
 shroud[0] = '\0';
 memset(password, 0x55, strlen(password));
- free(password);
- free(remotename);
+ xfree(password);
+ xfree(remotename);
 if (ok)
 {
 if(ctl->server.authenticate != A_ANY)
--
cgit v1.2.3
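Review bot: The reclaim line `+ if (password) xfree(password);` releases a buffer that can still hold the canonicalized password of the attempt that siglongjmp() abandoned, yet unlike the normal release path in the next hunk it is not scrubbed first; I would make it `if (password) { memset(password, 0x55, strlen(password)); xfree(password); }` so both release paths treat the secret alike. With static storage the plaintext also stays in the heap from the timeout until the next imap_getauth() call or process exit, which is worth stating in the comment, e.g. `/* XXX FIXME: static so a siglongjmp() timeout can be reclaimed on the next call; not thread-safe, and the secret lingers until then */` in place of the current wording, which reads as if the static version were the leaky one. If xfree() is a macro that also resets its argument, the `if (remotename)`/`if (password)` guards are redundant but harmless; confirm against its definition, which is not visible here. imap_getauth() begins before and continues past this hunk.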
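Review bot: The `memset(password, 0x55, strlen(password))` immediately before the new `xfree(password)` is a dead store once the buffer is freed and may be dropped by the optimizer, so the scrub the line intends is not guaranteed to happen; a scrub the compiler cannot elide (a volatile-qualified byte loop, or explicit_bzero/memset_s where the build already detects them) would make it hold. The switch from free() to xfree() is what keeps the static pointers from being freed twice by the guard added in the earlier hunk, which relies on xfree() resetting its argument to NULL — presumably it does, but that is not visible in this patch. imap_getauth() continues past this hunk.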