Merged revisions 290396 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.6.2

................
  r290396 | tilghman | 2010-10-05 15:21:02 -0500 (Tue, 05 Oct 2010) | 15 lines

  Merged revisions 290392 via svnmerge from
  https://origsvn.digium.com/svn/asterisk/branches/1.4

  ........
    r290392 | tilghman | 2010-10-05 15:20:07 -0500 (Tue, 05 Oct 2010) | 8 lines

    Fix a crash by ensuring that we don't alter memory after it's freed.

    (closes issue #17387)
     Reported by: jmls
     Patches:
           20100726__issue17387.diff.txt uploaded by tilghman (license 14)
     Tested by: jmls
  ........
................

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@290408 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/res/res_jabber.c b/res/res_jabber.c
index 9548dd80007f5e4204a506e6c9900411a55d94ff..ccf9d3d30e265ab01e60d5d74b10bb27c60bbd4a 100644 (file)
--- a/res/res_jabber.c
+++ b/res/res_jabber.c
@@ -3038,20 +3038,23 @@ static int aji_get_roster(struct aji_client *client)
 static int aji_client_connect(void *data, ikspak *pak)
 {
        struct aji_client *client = ASTOBJ_REF((struct aji_client *) data);
-       int res = 0;
+       int res = IKS_FILTER_PASS;
 
        if (client) {
                if (client->state == AJI_DISCONNECTED) {
                        iks_filter_add_rule(client->f, aji_filter_roster, client, IKS_RULE_TYPE, IKS_PAK_IQ, IKS_RULE_SUBTYPE, IKS_TYPE_RESULT, IKS_RULE_ID, "roster", IKS_RULE_DONE);
                        client->state = AJI_CONNECTING;
                        client->jid = (iks_find_cdata(pak->query, "jid")) ? iks_id_new(client->stack, iks_find_cdata(pak->query, "jid")) : client->jid;
-                       iks_filter_remove_hook(client->f, aji_client_connect);
                        if (!client->component) { /*client*/
                                aji_get_roster(client);
-                               if (client->distribute_events) {
-                                       aji_init_event_distribution(client);
-                               }
                        }
+                       if (client->distribute_events) {
+                               aji_init_event_distribution(client);
+                       }
+
+                       iks_filter_remove_hook(client->f, aji_client_connect);
+                       /* Once we remove the hook for this routine, we must return EAT or we will crash or corrupt memory */
+                       res = IKS_FILTER_EAT;
                }
        } else {
                ast_log(LOG_ERROR, "Out of memory.\n");