From 3022d7cff35118b6651c1165227aa79d759d9bfd Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Tue, 5 Feb 2008 13:07:14 +0000
Subject: [PATCH] Don't use Client_Type after command has been processed.

This caused a read from already free'd memory, if the processed
command (IRC_QUIT) calls Client_Destroy.
---
 src/ngircd/parse.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/ngircd/parse.c b/src/ngircd/parse.c
index d3065bf4..31ac99f5 100644
--- a/src/ngircd/parse.c
+++ b/src/ngircd/parse.c
@@ -12,7 +12,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: parse.c,v 1.70 2008/01/13 16:12:49 fw Exp $";
+static char UNUSED id[] = "$Id: parse.c,v 1.71 2008/02/05 13:07:14 fw Exp $";
 
 /**
  * @file
@@ -421,6 +421,7 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
 	 * wird die Verbindung geschlossen und false geliefert. */
 	CLIENT *client;
 	bool result = true;
+	int client_type;
 	COMMAND *cmd;
 
 	assert( Idx >= 0 );
@@ -431,8 +432,9 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
 	assert( client != NULL );
 
 	/* Numeric? */
-	if ((Client_Type(client) == CLIENT_SERVER ||
-	     Client_Type(client) == CLIENT_UNKNOWNSERVER)
+	client_type = Client_Type(client);
+	if ((client_type == CLIENT_SERVER ||
+	     client_type == CLIENT_UNKNOWNSERVER)
 	    && strlen(Req->command) == 3 && atoi(Req->command) > 1)
 		return Handle_Numeric(client, Req);
 
@@ -444,7 +446,7 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
 			continue;
 		}
 
-		if (!(Client_Type(client) & cmd->type))
+		if (!(client_type & cmd->type))
 			return IRC_WriteStrClient(client, ERR_NOTREGISTERED_MSG, Client_ID(client));
 
 		/* Command is allowed for this client: call it and count produced bytes */
@@ -453,16 +455,16 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
 		cmd->bytes += Conn_WCounter();
 
 		/* Adjust counters */
-		if (Client_Type(client) != CLIENT_SERVER)
+		if (client_type != CLIENT_SERVER)
 			cmd->lcount++;
 		else
 			cmd->rcount++;
 		return result;
 	}
 
-	if (Client_Type( client ) != CLIENT_USER &&
-	    Client_Type( client ) != CLIENT_SERVER &&
-	    Client_Type( client ) != CLIENT_SERVICE )
+	if (client_type != CLIENT_USER &&
+	    client_type != CLIENT_SERVER &&
+	    client_type != CLIENT_SERVICE )
 		return true;
 
 	/* Unknown command and registered connection: generate error: */
-- 
2.39.2