Use after free in nNetObject::ClearKnows
nNetObject::TakeOwnership() does not properly do what it claims: it forgets to set the owner.
Therefore, if the previously owning client quits while there is an object on which TakeOwnership() has been called and there is no other reference to that object, ClearKnows() executes an additional cleanup path (guarded by an owner check). In that path, a bounce smart pointer may destroy the object, but ClearKnows() still uses it afterwards.
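The lifetime problem described above, as an added simplified model (not Armagetron's code, and not the fix the project applied). NetObj, Ref, ClearKnowsModel, Scenario and "owner 0 means the server" are assumptions made for illustration. Liveness is tracked by id, so the model never touches freed memory.

```cpp
#include <cstdio>
#include <set>

// Simplified model, not Armagetron's code: intrusively ref-counted object.
static std::set<int> g_live;  // ids of objects that still exist
struct NetObj {
    int id, owner, refs = 0;  // assumption: owner 0 means the server
    NetObj(int i, int o) : id(i), owner(o) { g_live.insert(id); }
    ~NetObj() { g_live.erase(id); }
    void AddRef() { ++refs; }
    void Release() { if (--refs <= 0) delete this; }
    void TakeOwnership(bool setOwner) { if (setOwner) owner = 0; }
};

struct Ref {  // minimal intrusive smart pointer
    NetObj* p;
    explicit Ref(NetObj* o) : p(o) { p->AddRef(); }
    ~Ref() { p->Release(); }
    Ref(const Ref&) = delete;
    Ref& operator=(const Ref&) = delete;
};

// Cleanup for a quitting user. Returns whether the object still existed at
// the point where the real function would touch it again.
bool ClearKnowsModel(NetObj* obj, int user, bool pinned) {
    const int id = obj->id;
    if (pinned) obj->AddRef();   // hardened: hold a reference for the whole call
    if (obj->owner == user) {    // owner-guarded extra cleanup path
        Ref bounce(obj);         // unpinned, refs == 0: 0 -> 1 -> 0 deletes obj
    }
    const bool alive = g_live.count(id) != 0;  // stands in for the later use
    if (pinned) obj->Release();  // may delete obj, but only after the last use
    return alive;
}

// Object owned by client 3 with no references; client 3 then quits.
bool Scenario(bool takeOwnershipSetsOwner, bool pinned) {
    NetObj* obj = new NetObj(1, 3);
    obj->TakeOwnership(takeOwnershipSetsOwner);
    const bool alive = ClearKnowsModel(obj, 3, pinned);
    if (g_live.count(1)) delete obj;  // model teardown only
    return alive;
}

int main() {
    std::printf("as reported: %d\n", Scenario(false, false));
    std::printf("owner set:   %d\n", Scenario(true, false));
    std::printf("pinned:      %d\n", Scenario(false, true));
}
```

A result of 0 means the object was already destroyed when the cleanup would have used it again. Either setting the owner in TakeOwnership() or holding a reference across the whole cleanup keeps it alive in this model.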
Originally reported on Launchpad.
The 0.2.8.3 branch was still affected; the issue had long been fixed for 0.2.9.
Edited by Manuel Moos