From 33e9b7f59adeaef1a835fc3f6786814ecc9517d2 Mon Sep 17 00:00:00 2001
From: Brad Smith <brad@cvs.openbsd.org>
Date: Wed, 20 Feb 2008 12:41:52 +0000
Subject: Fix a use-after-free bug in the envelope code just after a port 25
 fork.

From Matthew Dillon@DragonFlyBSD

ok millert@ dlg@
---
 gnu/usr.sbin/sendmail/sendmail/main.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/gnu/usr.sbin/sendmail/sendmail/main.c b/gnu/usr.sbin/sendmail/sendmail/main.c
index 7963d92be7e..c3b12a67e6e 100644
--- a/gnu/usr.sbin/sendmail/sendmail/main.c
+++ b/gnu/usr.sbin/sendmail/sendmail/main.c
@@ -2517,9 +2517,12 @@ main(argc, argv, envp)
 		macdefine(&BlankEnvelope.e_macro, A_TEMP, '_', authinfo);
 
 		/* at this point we are in a child: reset state */
-		sm_rpool_free(MainEnvelope.e_rpool);
-		(void) newenvelope(&MainEnvelope, &MainEnvelope,
-				   sm_rpool_new_x(NULL));
+		{
+			SM_RPOOL_T *opool = MainEnvelope.e_rpool;
+			(void) newenvelope(&MainEnvelope, &MainEnvelope,
+					   sm_rpool_new_x(NULL));
+			sm_rpool_free(opool);
+		}
 	}
 
 	if (LogLevel > 9)
-- 
cgit v1.2.3