From 4bcf1db4ec37b6621025f82833463b601bb22690 Mon Sep 17 00:00:00 2001
From: LDA
Date: Sat, 29 Jun 2024 14:54:39 +0200
Subject: [PATCH] [FIX] Fix use-after-free on DMs
---
 XEPS-TBD.TXT | 3 ++-
 src/MatrixEventHandler.c | 5 ++++-
 src/Routes/Media.c | 5 ++++-
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/XEPS-TBD.TXT b/XEPS-TBD.TXT
index 16d7435..8f34671 100644
--- a/XEPS-TBD.TXT
+++ b/XEPS-TBD.TXT
@@ -13,7 +13,8 @@ For future XEPs: Informations on what a user is listening to. Matrix doesn't have good support for status, to be frank. Clients (including KappaChat) should consider having more support for those, rather than it being
- stuck as a FluffyChat/Nheko feature for the good of the entire federation.
+ stuck as a FluffyChat/Nheko feature for the good of the entire
+ federation.
 As such, if _any_ client devs hear this, please consider adding these, (especially if you're a smElement employee!)
diff --git a/src/MatrixEventHandler.c b/src/MatrixEventHandler.c
index f521b8c..606e92e 100644
--- a/src/MatrixEventHandler.c
+++ b/src/MatrixEventHandler.c
@@ -143,11 +143,11 @@ ParseeMessageHandler(ParseeData *data, HashMap *event)
 ref = DbLock(data->db, 3, "rooms", id, "data");
 json = DbJson(ref);
 direct = JsonValueAsBoolean(HashMapGet(json, "is_direct"));
- DbUnlock(data->db, ref);
 if (ParseeIsPuppet(data->config, sender) || ParseeManageBan(data, sender, id))
 {
+ DbUnlock(data->db, ref);
 Free(chat_id);
 Free(reply_id);
 Free(xepd);
@@ -158,6 +158,7 @@ ParseeMessageHandler(ParseeData *data, HashMap *event)
 {
 ParseeBotHandler(data, event);
+ DbUnlock(data->db, ref);
 Free(chat_id);
 Free(reply_id);
 Free(xepd);
@@ -172,6 +173,7 @@ ParseeMessageHandler(ParseeData *data, HashMap *event)
 XMPPSendPlain(jabber, local, user, body, NULL, NULL, NULL, ev_id, NULL);
+ DbUnlock(data->db, ref);
 Free(chat_id);
 Free(local);
 Free(reply_id);
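Review bot: `ref` is now held locked while `ParseeManageBan(data, sender, id)` runs in the `@@ -143` hunk, and while `ParseeBotHandler(data, event)` and `XMPPSendPlain(...)` run in the `@@ -158` and `@@ -172` hunks, so a callee that locks the same `rooms` entry or blocks on the network does so with the room lock held. The unlock is also repeated by hand on four exit paths (the fourth is in the `@@ -179` hunk), and a return added later between `DbLock` and the last `DbUnlock` would leak the lock. In the visible lines only `direct` is read from `json`, so consider copying whatever else is borrowed from `json` while locked and keeping the early unlock, or routing every exit through one cleanup label that runs `DbUnlock(data->db, ref);` before the `Free` calls. The function starts and ends outside these hunks, so whether the callees touch the same entry cannot be confirmed from here.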
@@ -179,6 +181,7 @@ ParseeMessageHandler(ParseeData *data, HashMap *event)
 return;
 }
+ DbUnlock(data->db, ref);
 /* Try to find the chat ID */
 muc_id = ParseeGetMUCID(data, chat_id);
 if (!chat_id)
diff --git a/src/Routes/Media.c b/src/Routes/Media.c
index e39a602..45d79d0 100644
--- a/src/Routes/Media.c
+++ b/src/Routes/Media.c
@@ -39,7 +39,10 @@ RouteHead(RouteMedia, arr, argp)
 HttpResponseHeader(args->ctx, key, val);
 }
 HttpSendHeaders(args->ctx);
- StreamCopy(HttpClientStream(cctx), HttpServerStream(args->ctx));
+ if (HttpRequestMethodGet(args->ctx) != HTTP_HEAD)
+ {
+ StreamCopy(HttpClientStream(cctx), HttpServerStream(args->ctx));
+ }
 HttpClientContextFree(cctx);
 Free(server);
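Review bot: `if (!chat_id)` on the line after `muc_id = ParseeGetMUCID(data, chat_id);` tests the argument that was just passed to the lookup rather than its result. If the branch is meant to handle a failed lookup, the test should probably be `if (!muc_id)`; if `chat_id` can really be NULL at this point, the check belongs before the call. The body of the branch is outside the hunk, so this is inferred from the two visible lines only.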
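Review bot: The header loop that ends just above `HttpSendHeaders(args->ctx)` calls `HttpResponseHeader(args->ctx, key, val)` for each pair, and if `key`/`val` are taken from the upstream response (the loop starts outside the hunk), the remote server controls `Content-Type` and every other header this route serves. Consider forwarding only an allow-list of headers and setting a restrictive `Content-Security-Policy` and `Content-Disposition` on proxied media. The new HEAD guard itself would read better with a short comment such as `/* HEAD: send headers only, never the body */`. The function continues past the end of the hunk.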