From d697de31862bc659461498bb5169e7a9bdd525b2 Mon Sep 17 00:00:00 2001
From: Alexander Barton
Date: Tue, 26 May 2020 00:05:22 +0200
Subject: [PATCH] IRC_SQUIT(): Fix use-after-free when unregistering the sending client
---
 src/ngircd/irc-server.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/ngircd/irc-server.c b/src/ngircd/irc-server.c
index 10f1ef69..3f9753b9 100644
--- a/src/ngircd/irc-server.c
+++ b/src/ngircd/irc-server.c
@@ -367,7 +367,7 @@ IRC_SQUIT(CLIENT * Client, REQUEST * Req)
 {
 char msg[COMMAND_LEN], logmsg[COMMAND_LEN];
 CLIENT *from, *target;
- CONN_ID con;
+ CONN_ID con, client_con;
 int loglevel;
 assert(Client != NULL);
@@ -407,6 +407,7 @@ IRC_SQUIT(CLIENT * Client, REQUEST * Req)
 return CONNECTED;
 }
+ client_con = Client_Conn(Client);
 con = Client_Conn(target);
 if (Req->argv[1][0])
@@ -428,7 +429,7 @@ IRC_SQUIT(CLIENT * Client, REQUEST * Req)
 Req->argv[0], Client_ID(from), Req->argv[1][0] ? Req->argv[1] : "-");
 Conn_Close(con, NULL, msg, true);
- if (con == Client_Conn(Client))
+ if (con == client_con)
 return DISCONNECTED;
 } else {
 /* This server is not directly connected, so the SQUIT must
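Review bot: The added `client_con = Client_Conn(Client);` in the second hunk has no comment, yet its position before the close is the entire fix. Per the commit subject, `Conn_Close()` in the third hunk can unregister and free the sending client, so the connection ID has to be read first. Without a comment, a later cleanup could move the lookup back after the close and reintroduce the use-after-free. I would add above it `/* Remember the sender's connection now: Conn_Close() below may free Client. */`. The body of IRC_SQUIT() starts and ends outside this hunk.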
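Review bot: In the third hunk, only the connection comparison after `Conn_Close(con, NULL, msg, true);` is made safe, while the pointers themselves stay in scope. `target`, whose link was just closed, is presumably freed as well, and `from` could be if it was reached through that link. The `con != client_con` path continues past the end of this hunk, so whether any of these pointers is dereferenced later cannot be seen from here and is worth checking. A comment right after the close would state the invariant, for example `/* target (and Client, if it shares con) may be freed by Conn_Close(); do not dereference them below. */`.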