Plug memory leaks on parse error or when an LDIF entry doesn't match

the dn filter.

diff --git a/plugins/sudoers/cvtsudoers_ldif.c b/plugins/sudoers/cvtsudoers_ldif.c
index de26e0a52d039153fd79db88ec060b4a1b38be52..da473900530f4cf33ae99b8acb50258445e8aaf7 100644 (file)
--- a/plugins/sudoers/cvtsudoers_ldif.c
+++ b/plugins/sudoers/cvtsudoers_ldif.c
@@ -530,6 +530,27 @@ struct sudo_role {
 };
 STAILQ_HEAD(sudo_role_list, sudo_role);
 
+static void
+sudo_role_free(struct sudo_role *role)
+{
+    debug_decl(sudo_role_free, SUDOERS_DEBUG_UTIL)
+
+    if (role != NULL) {
+       free(role->cn);
+       free(role->notbefore);
+       free(role->notafter);
+       str_list_free(role->cmnds);
+       str_list_free(role->hosts);
+       str_list_free(role->users);
+       str_list_free(role->runasusers);
+       str_list_free(role->runasgroups);
+       str_list_free(role->options);
+       free(role);
+    }
+
+    debug_return;
+}
+
 static struct sudo_role *
 sudo_role_alloc(void)
 {
@@ -547,13 +568,7 @@ sudo_role_alloc(void)
        if (role->cmnds == NULL || role->hosts == NULL ||
            role->users == NULL || role->runasusers == NULL ||
            role->runasgroups == NULL || role->options == NULL) {
-           str_list_free(role->cmnds);
-           str_list_free(role->hosts);
-           str_list_free(role->users);
-           str_list_free(role->runasusers);
-           str_list_free(role->runasgroups);
-           str_list_free(role->options);
-           free(role);
+           sudo_role_free(role);
            role = NULL;
        }
     }
@@ -561,27 +576,6 @@ sudo_role_alloc(void)
     debug_return_ptr(role);
 }
 
-static void
-sudo_role_free(struct sudo_role *role)
-{
-    debug_decl(sudo_role_free, SUDOERS_DEBUG_UTIL)
-
-    if (role != NULL) {
-       free(role->cn);
-       free(role->notbefore);
-       free(role->notafter);
-       str_list_free(role->cmnds);
-       str_list_free(role->hosts);
-       str_list_free(role->users);
-       str_list_free(role->runasusers);
-       str_list_free(role->runasgroups);
-       str_list_free(role->options);
-       free(role);
-    }
-
-    debug_return;
-}
-
 /*
  * Allocate a struct cvtsudoers_string, store str in it and
  * insert into the specified strlist.
@@ -1010,12 +1004,14 @@ parse_ldif(const char *input_file, struct cvtsudoers_config *conf)
                if (role->cn != NULL && strcmp(role->cn, "defaults") == 0) {
                    ldif_store_options(role->options);
                    sudo_role_free(role);
+                   role = NULL;
                } else if (STAILQ_EMPTY(role->users) ||
                    STAILQ_EMPTY(role->hosts) || STAILQ_EMPTY(role->cmnds)) {
                    /* Incomplete role. */
                    sudo_warnx(U_("ignoring incomplete sudoRole: cn: %s"),
                        role->cn ? role->cn : "UNKNOWN");
                    sudo_role_free(role);
+                   role = NULL;
                } else {
                    /* Cache users, hosts, runasusers and runasgroups. */
                    if (str_list_cache(usercache, &role->users) == -1 ||
@@ -1034,7 +1030,8 @@ parse_ldif(const char *input_file, struct cvtsudoers_config *conf)
                in_role = false;
            }
            if (len == -1) {
-               free(role);
+               sudo_role_free(role);
+               role = NULL;
                break;
            }
            mismatch = false;
@@ -1170,6 +1167,7 @@ parse_ldif(const char *input_file, struct cvtsudoers_config *conf)
            }
        }
     }
+    sudo_role_free(role);
     free(line);
 
     /* Convert from roles to sudoers data structures. */