From: Tilghman Lesher <tilghman@meg.abyt.es>
Date: Tue, 5 Oct 2010 20:20:07 +0000 (+0000)
Subject: Fix a crash by ensuring that we don't alter memory after it's freed.
X-Git-Tag: 1.4.38-rc1~38
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d7320f82558501baadbcadf2465638172dd342b5;p=thirdparty%2Fasterisk.git

Fix a crash by ensuring that we don't alter memory after it's freed.

(closes issue #17387)
 Reported by: jmls
 Patches:
       20100726__issue17387.diff.txt uploaded by tilghman (license 14)
 Tested by: jmls


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@290392 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/res/res_jabber.c b/res/res_jabber.c
index a71aec110c..621c4ed69e 100644
--- a/res/res_jabber.c
+++ b/res/res_jabber.c
@@ -1855,16 +1855,19 @@ static int aji_get_roster(struct aji_client *client)
 static int aji_client_connect(void *data, ikspak *pak)
 {
 	struct aji_client *client = ASTOBJ_REF((struct aji_client *) data);
-	int res = 0;
+	int res = IKS_FILTER_PASS;
 
 	if (client) {
 		if (client->state == AJI_DISCONNECTED) {
 			iks_filter_add_rule(client->f, aji_filter_roster, client, IKS_RULE_TYPE, IKS_PAK_IQ, IKS_RULE_SUBTYPE, IKS_TYPE_RESULT, IKS_RULE_ID, "roster", IKS_RULE_DONE);
 			client->state = AJI_CONNECTING;
 			client->jid = (iks_find_cdata(pak->query, "jid")) ? iks_id_new(client->stack, iks_find_cdata(pak->query, "jid")) : client->jid;
-			iks_filter_remove_hook(client->f, aji_client_connect);
-			if(!client->component) /*client*/
+			if (!client->component) { /*client*/
 				aji_get_roster(client);
+			}
+			iks_filter_remove_hook(client->f, aji_client_connect);
+			/* Once we remove the hook for this routine, we must return EAT or we will crash or corrupt memory */
+			res = IKS_FILTER_EAT;
 		}
 	} else
 		ast_log(LOG_ERROR, "Out of memory.\n");