From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Mon, 3 Feb 2025 10:21:37 +0000 (+0200)
Subject: imap-login: Fix accessing freed memory when using IMAP COMPRESS
X-Git-Tag: 2.4.1~247
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ce01ccec7a8e3148413c4ea6863da7218dfa2686;p=thirdparty%2Fdovecot%2Fcore.git

imap-login: Fix accessing freed memory when using IMAP COMPRESS

Broken by "imap-login: Fix leaking settings instance memory" commit.
---

diff --git a/src/imap-login/imap-login-client.c b/src/imap-login/imap-login-client.c
index 90bc70127c..a31be22fc3 100644
--- a/src/imap-login/imap-login-client.c
+++ b/src/imap-login/imap-login-client.c
@@ -419,8 +419,14 @@ static void imap_client_destroy(struct client *client)
 		cmd_id_free(imap_client);
 	}
 
-	settings_free(imap_client->set);
+	/* The client may live on as proxying, even though the imap-specific
+	   parts get freed. Clear out the settings instance, so it's not
+	   attempted to be used anymore. Alternatively we could delay freeing
+	   it until the client is freed, but that would require more changes. */
+	event_set_ptr(client->event, SETTINGS_EVENT_INSTANCE, NULL);
 	settings_instance_free(&imap_client->set_instance);
+
+	settings_free(imap_client->set);
 	i_free_and_null(imap_client->proxy_backend_capability);
 	imap_parser_unref(&imap_client->parser);
 }