Merge pull request #5079 from dilyanpalauzov/http_cgi_use_after_free_…

…environ http_cgi.c:service_main() avoid use after free(environ)
cyrusimap · Oct 14, 2024 · 71ae1e3 · 71ae1e3
2 parents 4c5fa1d + 8ed20db
commit 71ae1e3
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/imap/http_cgi.c b/imap/http_cgi.c
@@ -248,13 +248,16 @@ static int meth_get(struct transaction_t *txn,
 
     env = strarray_splitm(NULL, buf_release(&txn->buf), "\t", 0);
     strarray_append(env, NULL);
+    char **const environ_orig = environ;
     environ = env->data;
 
     /* Run script */
     if (command_popen(&cmd, "rw", cwd, script, NULL)) {
         ret = HTTP_SERVER_ERROR;
+        environ = environ_orig;
         goto done;
     }
+    environ = environ_orig;
 
     /* Send request body */
     prot_putbuf(cmd->stdin_prot, &txn->req_body.payload);