commit de4676f066c7d5a125d485a62ec180fc6596cc3b
from: Florian Westphal <fw@strlen.de>
date: Tue Feb 05 13:11:20 2008 UTC

[Parser]: Don't use Client_Type after command has been processed.

This caused a read from already free'd memory, if the processed
command (IRC_QUIT) calls Client_Destroy. (from HEAD)

commit - 64a98338d5b3b49c5e6817fdf8f4c4a2e8285933
commit + de4676f066c7d5a125d485a62ec180fc6596cc3b
blob - 5109169b72a068b8ff4655adda8bcb6637c093b1
blob + f77d5b08d88ba062327825c28447145e60933156
--- src/ngircd/parse.c
+++ src/ngircd/parse.c
@@ -12,7 +12,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: parse.c,v 1.69 2007/11/21 12:16:36 alex Exp $";
+static char UNUSED id[] = "$Id: parse.c,v 1.69.2.1 2008/02/05 13:11:20 fw Exp $";
 
 /**
  * @file
@@ -358,7 +358,7 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
 	bool result;
 	COMMAND *cmd;
 	NUMERIC *num;
-	int i;
+	int i, client_type;
 
 	assert( Idx >= 0 );
 	assert( Req != NULL );
@@ -436,6 +436,7 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
 	}
 
 	cmd = My_Commands;
+	client_type = Client_Type(client);
 	while( cmd->name )
 	{
 		/* Befehl suchen */
@@ -444,7 +445,7 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
 			cmd++; continue;
 		}
 
-		if( Client_Type( client ) & cmd->type )
+		if( client_type & cmd->type )
 		{
 			/* Command is allowed for this client: call it and count produced bytes */
 			Conn_ResetWCounter( );
@@ -452,7 +453,7 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
 			cmd->bytes += Conn_WCounter( );
 
 			/* Adjust counters */
-			if( Client_Type( client ) != CLIENT_SERVER ) cmd->lcount++;
+			if( client_type != CLIENT_SERVER ) cmd->lcount++;
 			else cmd->rcount++;
 
 			return result;