From: guiniol <gui-gui@netcourrier.com>
Date: Wed, 1 Feb 2017 13:26:35 +0000 (+0100)
Subject: Remove two use-after free in global hooks (#353)
X-Git-Tag: neomutt-20170206~7
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=384726d556c8a040a66b41eaecd506e909508cab;p=neomutt

Remove two use-after free in global hooks (#353)

Fixes #347
In both mutt_timeout_hook and mutt_startup_shutdown_hook, we iterate on
the list of hooks and try to execute the right ones, always using the
same buffer. The buffer must be free'd after all the hooks have been
checked and not after the first hook which fails. This also removes a
memory leak, because the buffer was never freed if no hook failed.
---

diff --git a/hook.c b/hook.c
index 9230ead27..45b48db69 100644
--- a/hook.c
+++ b/hook.c
@@ -587,7 +587,6 @@ void mutt_timeout_hook (void)
 
     if (mutt_parse_rc_line (hook->command, &token, &err) == -1)
     {
-      FREE (&token.data);
       mutt_error ("%s", err.data);
       mutt_sleep (1);
 
@@ -595,6 +594,7 @@ void mutt_timeout_hook (void)
        * failed, we'll carry on with the others. */
     }
   }
+  FREE (&token.data);
 }
 
 /**
@@ -622,11 +622,11 @@ void mutt_startup_shutdown_hook (int type)
 
     if (mutt_parse_rc_line (hook->command, &token, &err) == -1)
     {
-      FREE (&token.data);
       mutt_error ("%s", err.data);
       mutt_sleep (1);
 
     }
   }
+  FREE (&token.data);
 }