Users can make MU-conference 0.6.0 crash if jabber:iq:time is requested from a room JID, because of the free(str) call below! The free call is not needed as ctime comes from a statically allocated buffer
--- jabber-muc-0.6.0/src/conference_room.c 2006-09-06 23:10:36.000000000 +0100
+++ jabber-muc-0.6.0/src/conference_room.c 2006-09-06 23:22:55.000000000 +0100
@@ -657,13 +657,13 @@
 xmlnode_put_attrib(q,"version",VERSION);
 xmlnode_insert_cdata(xmlnode_insert_tag(q,"ns"),NS_MUC,-1);
- xmlnode_insert_cdata(xmlnode_insert_tag(jp->iq, "ns"), NS_DISCO, -1);
- xmlnode_insert_cdata(xmlnode_insert_tag(jp->iq, "ns"), NS_BROWSE, -1);
+ xmlnode_insert_cdata(xmlnode_insert_tag(q, "ns"), NS_DISCO, -1);
+ xmlnode_insert_cdata(xmlnode_insert_tag(q, "ns"), NS_BROWSE, -1);
 /* xmlnode_insert_cdata(xmlnode_insert_tag(jp->iq, "ns"), NS_REGISTER, -1); */
- xmlnode_insert_cdata(xmlnode_insert_tag(jp->iq, "ns"), NS_VERSION, -1);
- xmlnode_insert_cdata(xmlnode_insert_tag(jp->iq, "ns"), NS_LAST, -1);
- xmlnode_insert_cdata(xmlnode_insert_tag(jp->iq, "ns"), NS_TIME, -1);
- xmlnode_insert_cdata(xmlnode_insert_tag(jp->iq, "ns"), NS_VCARD, -1);
+ xmlnode_insert_cdata(xmlnode_insert_tag(q, "ns"), NS_VERSION, -1);
+ xmlnode_insert_cdata(xmlnode_insert_tag(q, "ns"), NS_LAST, -1);
+ xmlnode_insert_cdata(xmlnode_insert_tag(q, "ns"), NS_TIME, -1);
+ xmlnode_insert_cdata(xmlnode_insert_tag(q, "ns"), NS_VCARD, -1);
 deliver(dpacket_new(jp->x), NULL);
 return;
@@ -720,7 +720,7 @@
 str[strlen(str) - 1] = '\0'; /* cut off newline */
 xmlnode_insert_cdata(xmlnode_insert_tag(jp->iq, "display"), pstrdup(jp->p, str), -1);
- free(str);
+ /* free(str) removed by Michael John Wensley */
 deliver(dpacket_new(jp->x),NULL);
 return;
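Review bot: The commented-out NS_REGISTER line kept as context in the `@@ -657` hunk still inserts into `jp->iq`, so re-enabling it later would bring back the node mismatch that the six changed lines correct; update it to `/* xmlnode_insert_cdata(xmlnode_insert_tag(q, "ns"), NS_REGISTER, -1); */` or drop it. The commit description covers only the free(str) crash, so the switch from `jp->iq` to `q` deserves its own sentence there or a separate patch. `q` is defined outside the hunk, and the enclosing function starts and ends outside it.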
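Review bot: In the `@@ -720` hunk, `str[strlen(str) - 1] = '\0'` still dereferences `str` unchecked; if the pointer can be NULL (ctime() is allowed to fail), a time query would crash the component again, so guard the block with `if (str != NULL)`. The assignment to `str` lies outside the hunk; the description says it comes from ctime()'s static buffer, which is shared between calls, so if this handler can run on more than one thread, formatting into a local buffer would be safer. The replacement comment records who removed the call but not why; `/* str points at ctime()'s static buffer and must not be freed */` would stop someone re-adding it.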