From: Karl Fleischmann <karl.fleischmann@open-xchange.com>
Date: Wed, 15 Dec 2021 08:19:40 +0000 (+0100)
Subject: login-common: Explicitly null client auth fields on proxy pool unref
X-Git-Tag: 2.3.18~70
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=793cae85499a2775cf023c04050eaa568b051d93;p=thirdparty%2Fdovecot%2Fcore.git

login-common: Explicitly null client auth fields on proxy pool unref

Explicitly setting `client_id` and `forward_fields` to null in the
client may reveal use-after-free issues when trying to access these
fields on a client proxy.
---

diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c
index c86a764e7f..41a111b1ed 100644
--- a/src/login-common/client-common.c
+++ b/src/login-common/client-common.c
@@ -334,6 +334,8 @@ void client_destroy(struct client *client, const char *reason)
 	client_disconnect(client, reason, !client->login_success);
 
 	pool_unref(&client->preproxy_pool);
+	client->forward_fields = NULL;
+	client->client_id = NULL;
 
 	if (client->master_tag != 0) {
 		i_assert(client->auth_request == NULL);