CtdlUnregisterRoomHook(): fix possible nullpointer deref

diff --git a/citadel/serv_extensions.c b/citadel/serv_extensions.c
index 32cf539701a3d88405259862813ca1fb1a78cc3b..fe15aa785c438b781448f368bc314e97458d4c2a 100644 (file)
--- a/citadel/serv_extensions.c
+++ b/citadel/serv_extensions.c
@@ -757,18 +757,25 @@ void CtdlRegisterRoomHook(int (*fcn_ptr)(struct ctdlroom *))
 
 void CtdlUnregisterRoomHook(int (*fcn_ptr)(struct ctdlroom *))
 {
-       RoomFunctionHook *cur, *p;
+       RoomFunctionHook *cur, *p, *last;
 
-       for (cur = RoomHookTable; cur != NULL; cur = cur->next) {
-               while (cur != NULL && fcn_ptr == cur->fcn_ptr) {
+       for (last = NULL, cur = RoomHookTable;
+            cur != NULL;
+            cur = cur->next)
+       {
+               if (fcn_ptr == cur->fcn_ptr) {
                        MODM_syslog(LOG_DEBUG, "Unregistered room function\n");
                        p = cur->next;
-                       if (cur == RoomHookTable) {
-                               RoomHookTable = p;
-                       }
+
                        free(cur);
-                       cur = p;
+                       cur = NULL;
+
+                       if (last != NULL)
+                               last->next = p;
+                       else 
+                               RoomHookTable = p;
                }
+               last = cur;
        }
 }