File fetchmail-give-each-ctl-it-s-own-copy-of-password.patch of Package fetchmail.22404
From: Matthew Ogilvie <mmogilvi+fml@zoho.com>
Date: Fri, 9 Jun 2017 19:31:17 -0600
Subject: give each ctl it's own copy of password
Git-repo: https://gitlab.com/fetchmail/fetchmail.git
Git-commit: 469b0a212e7f047ab16ef46a9158df5fb373e8c2
pwdb_* and passwordfile options may free and re-allocate password
for each poll operation. Giving each context it's own copy of
the password should prevent accessing freed memory in another copy.
I haven't tested pwmd, but these seem like obvious fixes.
---
fetchmail.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/fetchmail.c b/fetchmail.c
index 0292d42a..e2828a4f 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -386,7 +386,7 @@ int main(int argc, char **argv)
if (NO_PASSWORD(ctl))
/* Server won't care what the password is, but there
must be some non-null string here. */
- ctl->password = ctl->remotename;
+ ctl->password = xstrdup(ctl->remotename);
else if (!ctl->passwordfile && ctl->passwordfd==-1)
{
netrc_entry *p;
@@ -1072,7 +1072,15 @@ static void optmerge(struct query *h2, struct query *h1, int force)
FLAG_MERGE(wildcard);
STRING_MERGE(remotename);
- STRING_MERGE(password);
+ if (force ? !!h1->password : !h2->password) {
+ if (h2->password) {
+ memset(h2->password, 0x55, strlen(h2->password));
+ xfree(h2->password);
+ }
+ if (h1->password) {
+ h2->password = xstrdup(h1->password);
+ }
+ }
FLAG_MERGE(passwordfile);
if (force ? h1->passwordfd!=-1 : h2->passwordfd==-1) {
h2->passwordfd = h1->passwordfd;
--
2.31.1