From a9c4780ec3aca334bfe49f53afea0c5c79489fb7 Mon Sep 17 00:00:00 2001
From: Michael Ortmann <41313082+michaelortmann@users.noreply.github.com>
Date: Wed, 10 Jul 2024 07:03:19 +0200
Subject: [PATCH] Fix heap-use-after-free
---
 src/dcc.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/dcc.c b/src/dcc.c
index 3ce979ee5..4b0f4162d 100644
--- a/src/dcc.c
+++ b/src/dcc.c
@@ -360,8 +360,14 @@ static char *get_bot_pass(struct userrec *u) {
 if (pass2) {
 if (!pass) {
 pass = pass2;
- if (encrypt_pass)
+ if (encrypt_pass) {
+ /* get_user() returns a pointer of struct user_entry
+ * and set_user()->pass2_set() could free() and realloc it
+ * so fetch it again with get_user()
+ */
 set_user(&USERENTRY_PASS, u, pass);
+ pass = get_user(&USERENTRY_PASS2, u);
+ }
 } else if (strcmp(pass2, pass) && encrypt_pass2)
 pass = pass2;
 } else if (pass && encrypt_pass2)
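Review bot: The call `set_user(&USERENTRY_PASS, u, pass);` is still handed `pass`, which at that point equals `pass2` and so points into the PASS2 storage that the new comment says `pass2_set()` may free during the call. Re-fetching afterwards repairs the caller's pointer, but it does not cover any read of that argument inside `set_user()` after the free. The callee is not visible here, so this may already be safe by ordering; if it is, record that in the comment, for example `/* set_user() consumes pass before pass2_set() frees the old PASS2 buffer; only the caller's pointer goes stale */`, and otherwise pass a temporary copy of the string. The re-fetched value can presumably be NULL if the entry was not stored, so it is worth confirming that callers of `get_bot_pass()` tolerate that on this path. `get_bot_pass()` starts and ends outside the hunk, and the body of the final `else if (pass && encrypt_pass2)` branch is not shown, so check whether it also holds a `get_user()` pointer across a `set_user()` call.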