login-common: Explicitly null client auth fields on proxy pool unref

Explicitly setting `client_id` and `forward_fields` to null in the
client may reveal use-after-free issues when trying to access these
fields on a client proxy.

diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c
index c86a764e7fcf77295d109ae467b586eb7ca6ceb2..41a111b1edacfea8cf47bb94d6dd6d16083601b5 100644 (file)
--- a/src/login-common/client-common.c
+++ b/src/login-common/client-common.c
@@ -334,6 +334,8 @@ void client_destroy(struct client *client, const char *reason)
        client_disconnect(client, reason, !client->login_success);
 
        pool_unref(&client->preproxy_pool);
+       client->forward_fields = NULL;
+       client->client_id = NULL;
 
        if (client->master_tag != 0) {
                i_assert(client->auth_request == NULL);