Fix the dereference of a free()'d struct in m_endburst.c.

git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/trunk@1411 c9e4aea6-c8fd-4c43-8297-357d70d61c8c

diff --git a/ChangeLog b/ChangeLog
index 131f568f084e0d91d313f7ca48cbe8f8a36a2428..13bb5e5f16a50bfcbf226e480ec80168fb6e904b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
        * ircd/IPcheck.c: Add Debug()s to try to track why the connected
        count underflows.
 
+       * ircd/m_endburst.c (ms_endofburst): Avoid dereferencing 'chan'
+       after it may be freed (in sub1_from_channel).
+
 2005-05-12  Michael Poole <mdpoole@troilus.org>
 
        * configure.in: Do not try to outsmart the default CFLAGS.

diff --git a/ircd/m_endburst.c b/ircd/m_endburst.c
index aea0decf8ae8544f839e84a80dd5a9f1d6cc78e0..46d51ae0a105ad8f84bc684ef35dcbb081ad982b 100644 (file)
--- a/ircd/m_endburst.c
+++ b/ircd/m_endburst.c
@@ -126,13 +126,12 @@ int ms_end_of_burst(struct Client* cptr, struct Client* sptr, int parc, char* pa
   /* Count through channels... */
   for (chan = GlobalChannelList; chan; chan = next_chan) {
     next_chan = chan->next;
-
-    if (!chan->members) { /* empty channel */
-      if ((chan->mode.mode & MODE_BURSTADDED))
-       sub1_from_channel(chan); /* New empty channel, schedule it for removal. */
-    }
-
-    chan->mode.mode &= ~MODE_BURSTADDED;
+    if (!chan->members && (chan->mode.mode & MODE_BURSTADDED)) {
+      /* Newly empty channel, schedule it for removal. */
+      chan->mode.mode &= ~MODE_BURSTADDED;
+      sub1_from_channel(chan);
+   } else
+      chan->mode.mode &= ~MODE_BURSTADDED;
   }
 
   return 0;