From 85e5a019496c1f5ef1ae0393f21470de7f0ff046 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Mon, 30 Mar 2020 21:02:40 +0200
Subject: fetchmail.c Avoid double-free in optmerge()'s STRING_MERGE macro.

The memory leak free fix could try to double-free fields.
Zero them out properly to avoid that.
---
 fetchmail.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fetchmail.c b/fetchmail.c
index c74d553c..2ad62205 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -974,8 +974,8 @@ static void optmerge(struct query *h2, struct query *h1, int force)
     list_merge(&h2->domainlist, &h1->domainlist, force);
     list_merge(&h2->antispam, &h1->antispam, force);
 
-#define FLAG_MERGE(fld) do { if (force ? !!h1->fld : !h2->fld) h2->fld = h1->fld; } while (0)
-#define STRING_MERGE(fld) do { if (force ? !!h1->fld : !h2->fld) { if (h2->fld) free((void *)h2->fld); h2->fld = h1->fld; } } while (0)
+#define   FLAG_MERGE(fld) do { if (force ? !!h1->fld : !h2->fld) h2->fld = h1->fld; } while (0)
+#define STRING_MERGE(fld) do { if (force ? !!h1->fld : !h2->fld) { if (h2->fld) free((void *)h2->fld), h2->fld = 0; if (h1->fld) h2->fld = xstrdup(h1->fld); } } while (0)
     STRING_MERGE(server.via);
     FLAG_MERGE(server.protocol);
     STRING_MERGE(server.service);
-- 
cgit v1.2.3