From cb9d4c25fca683edd145237f4d11bb1f0dc32f10 Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Mon, 9 Oct 2023 02:08:56 +0200
Subject: [PATCH] lib-smtp: smtp-server-connection - Call connnection_deinit()
 before conn_free() callback to prevent NULL dereference

The callback may destroy stuff that e.g. the event logging depends on. The
connection_deinit() call will cause event logging, which would cause trouble if
it is called after conn_free().
---
 src/lib-smtp/smtp-server-connection.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib-smtp/smtp-server-connection.c b/src/lib-smtp/smtp-server-connection.c
index aa6d8b0091..953b69afd6 100644
--- a/src/lib-smtp/smtp-server-connection.c
+++ b/src/lib-smtp/smtp-server-connection.c
@@ -1120,11 +1120,11 @@ bool smtp_server_connection_unref(struct smtp_server_connection **_conn)
 
 	e_debug(conn->event, "Connection destroy");
 
+	connection_deinit(&conn->conn);
+
 	if (conn->callbacks != NULL && conn->callbacks->conn_free != NULL)
 		conn->callbacks->conn_free(conn->context);
 
-	connection_deinit(&conn->conn);
-
 	i_free(conn->proxy_helo);
 	i_free(conn->helo_domain);
 	i_free(conn->username);
-- 
2.47.3