From: Qualys Security Advisory
Date: Mon, 22 Feb 2021 03:05:56 +0000 (-0800)
Subject: CVE-2020-28018: Use-after-free in tls-openssl.c
X-Git-Tag: exim-4.95-RC0~51^2~22
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/6649a4305126a4baa48d4c5b07568a519939fb17
CVE-2020-28018: Use-after-free in tls-openssl.c
(cherry picked from commit 6290686dd59d8158d100c67e8f96df27158a6fc5)
(cherry picked from commit a53a7fcfb8216764e4420d8d263356b4ed7d5cef)
---
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 13b0c232f..eb18d64d3 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -4053,16 +4053,12 @@ if (more || corked)
 {
 if (!len) buff = US &error; /* dummy just so that string_catn is ok */
-#ifndef DISABLE_PIPE_CONNECT
 int save_pool = store_pool;
 store_pool = POOL_PERM;
-#endif
 corked = string_catn(corked, buff, len);
-#ifndef DISABLE_PIPE_CONNECT
 store_pool = save_pool;
-#endif
 if (more)
 {
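Review bot: The now-unconditional `store_pool = POOL_PERM;` around `corked = string_catn(corked, buff, len);` has no comment saying why the buffer must be permanent, and that lifetime invariant is what the removed `#ifndef DISABLE_PIPE_CONNECT` guards broke. I would add, above the `int save_pool` line, something like `/* corked outlives this call; keep it in POOL_PERM so a pool reset between writes cannot free it */`, so the guard is not reintroduced later. The declaration of `corked` and the code that clears it after the flush are outside the hunk, so this is inferred from the commit title; it is worth confirming there that every path which drops the buffer also resets the pointer, and that repeated growth in the permanent pool stays bounded on long-lived connections. The enclosing function starts and ends outside this hunk.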