# Fix a NULL pointer dereference in route_replies
#
# When there was only one client with a pending request and that client
# disconnected from ZNC, we didn't destroy the timeout. This means that the
# associated timer eventually fired and then tried to display which request caused
# the timeout. But since we already cleaned up the rest, this resulted in a NULL
# pointer dereference.
#
# This commit fixes also another bug: If two different clients got pending
# requests and the client whose request was currently handled disconnected, we
# didn't send the other client's request to the IRCd.
diff -Naur znc-0.092.orig//modules/route_replies.cpp znc-0.092/modules/route_replies.cpp
--- znc-0.092.orig//modules/route_replies.cpp 2010-05-02 10:36:57.000000000 +0200
+++ znc-0.092/modules/route_replies.cpp 2010-08-18 18:50:37.000000000 +0200
@@ -180,16 +180,17 @@
if (m_pClient == m_pDoing) {
// The replies which aren't received yet will be
// broadcasted to everyone, but at least nothing breaks
+ RemTimer("RouteTimeout");
m_pDoing = NULL;
m_pReplies = NULL;
}
it = m_vsPending.find(m_pClient);
- if (it == m_vsPending.end())
- return;
+ if (it != m_vsPending.end())
+ m_vsPending.erase(it);
- m_vsPending.erase(it);
+ SendRequest();
}
virtual EModRet OnRaw(CString& sLine)
![[patchlogo]](http://patch-tracker.debian.org/static/img/swirlpatch.png)