The following scenario may cause a crash by calling
SQLFreeStmt on an invalid statement handle.
    database db1 <connection string 1>
    db1 statement st1 <a valid SQL statement>
    db1 statement st2 <a valid SQL statement>
    db1 disconnect
    database db2 <connection string 2>
    db2 statement st1 <a valid SQL statement>
This final step will access freed memory
and will cause a crash if the memory has been
overwritten since it was freed.
The first definition of st1 is not properly destroyed
when db1 disconnects, because the linked list
implementation in database.cxx is incomplete. AddToMyList
adds the new element p to the beginning of the existing
linked list, but it never sets p->pNext. This means that
p->pNext keeps its initial value of NULL, so traversing
pNext from the head reaches only the first element in the
list (the most recently added one); every element added
earlier is unreachable and therefore never freed.
    void TclCmdObject::AddToMyList(TclCmdObject *p) {
        if (pNext)
            pNext->pPrev = p;   /* old successor now points back at p */
        pNext = p;              /* p becomes the new successor of this */
        pNext->pPrev = this;    /* p points back at this */
        /* p->pNext is never assigned: the old successor is orphaned */
    }
The fix would be to add the following line
within (or immediately after) the if statement,
i.e. before pNext is overwritten with p:
    p->pNext = pNext;
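The list behaviour described above, reduced to a stand-alone demonstration. This is added example code, not tclodbc's own source: the Node type, its `destroyed` flag and the helper functions are hypothetical stand-ins for TclCmdObject and the statement cleanup that runs on disconnect. The buggy insertion is copied from the report, the fixed one adds the single missing line, and the helpers show that after two inserts the buggy list exposes only one element to traversal, so a cleanup pass that walks pNext skips the earlier statement.

```cpp
#include <cstddef>

// Hypothetical stand-in for tclodbc's TclCmdObject (assumed names, not the
// project's code). Only the doubly-linked-list bookkeeping is modelled.
struct Node {
    Node *pNext = nullptr;
    Node *pPrev = nullptr;
    bool destroyed = false;   // set by DestroyAll() when the node is reached

    // Insertion exactly as quoted in the report: p is spliced in after
    // 'this', but p->pNext is never assigned, so whatever used to follow
    // 'this' can no longer be reached by walking pNext.
    void AddToMyListBuggy(Node *p) {
        if (pNext)
            pNext->pPrev = p;
        pNext = p;
        pNext->pPrev = this;
    }

    // Corrected insertion: link p forward to the old successor before the
    // head's pNext is overwritten.
    void AddToMyListFixed(Node *p) {
        if (pNext)
            pNext->pPrev = p;
        p->pNext = pNext;     // the missing line from the report
        pNext = p;
        pNext->pPrev = this;
    }

    // Models the cleanup a connection performs on disconnect: walk the
    // list from the head and mark every element it can see as destroyed.
    void DestroyAll() {
        for (Node *q = pNext; q != nullptr; q = q->pNext)
            q->destroyed = true;
    }
};

// Number of nodes reachable from head by following pNext (head excluded).
int countReachable(const Node &head) {
    int n = 0;
    for (const Node *q = head.pNext; q != nullptr; q = q->pNext)
        ++n;
    return n;
}

// Mirror the report's scenario: one connection (head) with two statements
// (st1 added first, st2 second). Returns how many statements are reachable.
int reachableAfterTwoInserts(bool fixed) {
    Node head, st1, st2;
    if (fixed) {
        head.AddToMyListFixed(&st1);
        head.AddToMyListFixed(&st2);
    } else {
        head.AddToMyListBuggy(&st1);
        head.AddToMyListBuggy(&st2);
    }
    return countReachable(head);
}

// Same scenario followed by the disconnect cleanup. Returns whether the
// first statement (st1) was destroyed; with the buggy list it survives and
// would keep referring to a handle the connection already released.
bool firstStatementDestroyed(bool fixed) {
    Node head, st1, st2;
    if (fixed) {
        head.AddToMyListFixed(&st1);
        head.AddToMyListFixed(&st2);
    } else {
        head.AddToMyListBuggy(&st1);
        head.AddToMyListBuggy(&st2);
    }
    head.DestroyAll();
    return st1.destroyed;
}
```

The two helpers return the values a unit test would pin down when applying the fix: the buggy insertion leaves one reachable element and st1 undestroyed, the fixed insertion leaves two reachable elements and destroys both.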