From: Qualys Security Advisory Date: Mon, 22 Feb 2021 03:05:56 +0000 (-0800) Subject: CVE-2020-28018: Use-after-free in tls-openssl.c X-Git-Tag: exim-4.94.1~22 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/a53a7fcfb8216764e4420d8d263356b4ed7d5cef CVE-2020-28018: Use-after-free in tls-openssl.c (cherry picked from commit 6290686dd59d8158d100c67e8f96df27158a6fc5) --- diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 054b23d0c..499384b50 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -3675,16 +3675,12 @@ if ((more || corked)) { if (!len) buff = US &error; /* dummy just so that string_catn is ok */ -#ifndef DISABLE_PIPE_CONNECT int save_pool = store_pool; store_pool = POOL_PERM; -#endif corked = string_catn(corked, buff, len); -#ifndef DISABLE_PIPE_CONNECT store_pool = save_pool; -#endif if (more) {