
registar: proper unlinking deleted contact to avoid invalid memory access

- based on a report and patch by Dragos Oancea

Daniel-Constantin Mierla authored on 27/02/2014 22:47:06
Showing 1 changed files
... ...
@@ -695,10 +695,10 @@ static inline int update_contacts(struct sip_msg* _m, urecord_t* _r,
695 695
 				ptr=_r->contacts;
696 696
 				while(ptr)
697 697
 				{
698
-					ptr0 = ptr;
698
+					ptr0 = ptr->next;
699 699
 					if(ptr!=c)
700 700
 						ul.delete_ucontact(_r, ptr);
701
-					ptr=ptr0->next;
701
+					ptr=ptr0;
702 702
 				}
703 703
 				updated=1;
704 704
 			}
... ...
@@ -725,10 +725,10 @@ static inline int update_contacts(struct sip_msg* _m, urecord_t* _r,
725 725
 					ptr=_r->contacts;
726 726
 					while(ptr)
727 727
 					{
728
-						ptr0 = ptr;
728
+						ptr0 = ptr->next;
729 729
 						if(ptr!=c)
730 730
 							ul.delete_ucontact(_r, ptr);
731
-						ptr=ptr0->next;
731
+						ptr=ptr0;
732 732
 					}
733 733
 					updated=1;
734 734
 				}
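Review bot: The result of `ul.delete_ucontact(_r, ptr)` is still discarded in both loops (new lines 700 and 730), so if that call can fail, the stale contact stays linked while `updated=1` is set regardless; if it returns a status, it should at least be checked and logged. The save-next-then-delete walk is also repeated verbatim in the two hunks, which is how the original use-after-free came to exist twice; a small static helper that deletes every contact except `c` would keep the copies from diverging. Whichever form is kept, a comment such as `/* fetch next first: delete_ucontact() may free ptr */` above `ptr0 = ptr->next;` would stop a later cleanup from reintroducing the read of freed memory. The pattern is only safe if the delete unlinks and frees `ptr` alone and never the saved successor, which is not visible here; update_contacts() begins and ends outside both hunks.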