Merged revisions 290408 via svnmerge from
authorTilghman Lesher <tilghman@meg.abyt.es>
Tue, 5 Oct 2010 20:24:37 +0000 (20:24 +0000)
committerTilghman Lesher <tilghman@meg.abyt.es>
Tue, 5 Oct 2010 20:24:37 +0000 (20:24 +0000)
https://origsvn.digium.com/svn/asterisk/branches/1.8

................
  r290408 | tilghman | 2010-10-05 15:23:33 -0500 (Tue, 05 Oct 2010) | 22 lines

  Merged revisions 290396 via svnmerge from
  https://origsvn.digium.com/svn/asterisk/branches/1.6.2

  ................
    r290396 | tilghman | 2010-10-05 15:21:02 -0500 (Tue, 05 Oct 2010) | 15 lines

    Merged revisions 290392 via svnmerge from
    https://origsvn.digium.com/svn/asterisk/branches/1.4

    ........
      r290392 | tilghman | 2010-10-05 15:20:07 -0500 (Tue, 05 Oct 2010) | 8 lines

      Fix a crash by ensuring that we don't alter memory after it's freed.

      (closes issue #17387)
       Reported by: jmls
       Patches:
             20100726__issue17387.diff.txt uploaded by tilghman (license 14)
       Tested by: jmls
    ........
  ................
................

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@290414 65c4cc65-6c06-0410-ace0-fbb531ad65f3

res/res_jabber.c

index 9548dd8..ccf9d3d 100644 (file)
@@ -3038,20 +3038,23 @@ static int aji_get_roster(struct aji_client *client)
 static int aji_client_connect(void *data, ikspak *pak)
 {
        struct aji_client *client = ASTOBJ_REF((struct aji_client *) data);
-       int res = 0;
+       int res = IKS_FILTER_PASS;
 
        if (client) {
                if (client->state == AJI_DISCONNECTED) {
                        iks_filter_add_rule(client->f, aji_filter_roster, client, IKS_RULE_TYPE, IKS_PAK_IQ, IKS_RULE_SUBTYPE, IKS_TYPE_RESULT, IKS_RULE_ID, "roster", IKS_RULE_DONE);
                        client->state = AJI_CONNECTING;
                        client->jid = (iks_find_cdata(pak->query, "jid")) ? iks_id_new(client->stack, iks_find_cdata(pak->query, "jid")) : client->jid;
-                       iks_filter_remove_hook(client->f, aji_client_connect);
                        if (!client->component) { /*client*/
                                aji_get_roster(client);
-                               if (client->distribute_events) {
-                                       aji_init_event_distribution(client);
-                               }
                        }
+                       if (client->distribute_events) {
+                               aji_init_event_distribution(client);
+                       }
+
+                       iks_filter_remove_hook(client->f, aji_client_connect);
+                       /* Once we remove the hook for this routine, we must return EAT or we will crash or corrupt memory */
+                       res = IKS_FILTER_EAT;
                }
        } else {
                ast_log(LOG_ERROR, "Out of memory.\n");