From: Todd C. Miller Date: Thu, 3 May 2018 16:51:11 +0000 (-0600) Subject: Plug memory leaks on parse error or when an LDIF entry doesn't match X-Git-Tag: SUDO_1_8_24^2~96 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b0c13e995cb377c4eff0d6b93b0f2cb9a9cdf477;p=sudo Plug memory leaks on parse error or when an LDIF entry doesn't match the dn filter. --- diff --git a/plugins/sudoers/cvtsudoers_ldif.c b/plugins/sudoers/cvtsudoers_ldif.c index de26e0a52..da4739005 100644 --- a/plugins/sudoers/cvtsudoers_ldif.c +++ b/plugins/sudoers/cvtsudoers_ldif.c @@ -530,6 +530,27 @@ struct sudo_role { }; STAILQ_HEAD(sudo_role_list, sudo_role); +static void +sudo_role_free(struct sudo_role *role) +{ + debug_decl(sudo_role_free, SUDOERS_DEBUG_UTIL) + + if (role != NULL) { + free(role->cn); + free(role->notbefore); + free(role->notafter); + str_list_free(role->cmnds); + str_list_free(role->hosts); + str_list_free(role->users); + str_list_free(role->runasusers); + str_list_free(role->runasgroups); + str_list_free(role->options); + free(role); + } + + debug_return; +} + static struct sudo_role * sudo_role_alloc(void) { @@ -547,13 +568,7 @@ sudo_role_alloc(void) if (role->cmnds == NULL || role->hosts == NULL || role->users == NULL || role->runasusers == NULL || role->runasgroups == NULL || role->options == NULL) { - str_list_free(role->cmnds); - str_list_free(role->hosts); - str_list_free(role->users); - str_list_free(role->runasusers); - str_list_free(role->runasgroups); - str_list_free(role->options); - free(role); + sudo_role_free(role); role = NULL; } } 
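Review bot: In the allocation-failure path of `sudo_role_alloc`, the new `sudo_role_free(role)` call also passes `role->cn`, `role->notbefore` and `role->notafter` to `free()`, which the removed inline cleanup never touched. That is safe only if the structure is zero-initialised when it is allocated; the allocation line sits above the hunk, so it is presumably a `calloc`, but this should be confirmed. A short comment on the helper would record the requirement, e.g. `/* Frees role and everything it owns; role may be NULL but must have been zero-initialised. */`.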
@@ -561,27 +576,6 @@ sudo_role_alloc(void) debug_return_ptr(role); } -static void -sudo_role_free(struct sudo_role *role) -{ - debug_decl(sudo_role_free, SUDOERS_DEBUG_UTIL) - - if (role != NULL) { - free(role->cn); - free(role->notbefore); - free(role->notafter); - str_list_free(role->cmnds); - str_list_free(role->hosts); - str_list_free(role->users); - str_list_free(role->runasusers); - str_list_free(role->runasgroups); - str_list_free(role->options); - free(role); - } - - debug_return; -} - /* * Allocate a struct cvtsudoers_string, store str in it and * insert into the specified strlist. @@ -1010,12 +1004,14 @@ parse_ldif(const char *input_file, struct cvtsudoers_config *conf) if (role->cn != NULL && strcmp(role->cn, "defaults") == 0) { ldif_store_options(role->options); sudo_role_free(role); + role = NULL; } else if (STAILQ_EMPTY(role->users) || STAILQ_EMPTY(role->hosts) || STAILQ_EMPTY(role->cmnds)) { /* Incomplete role. */ sudo_warnx(U_("ignoring incomplete sudoRole: cn: %s"), role->cn ? role->cn : "UNKNOWN"); sudo_role_free(role); + role = NULL; } else { /* Cache users, hosts, runasusers and runasgroups. */ if (str_list_cache(usercache, &role->users) == -1 || @@ -1034,7 +1030,8 @@ parse_ldif(const char *input_file, struct cvtsudoers_config *conf) in_role = false; } if (len == -1) { - free(role); + sudo_role_free(role); + role = NULL; break; } mismatch = false; @@ -1170,6 +1167,7 @@ parse_ldif(const char *input_file, struct cvtsudoers_config *conf) } } } + sudo_role_free(role); free(line); /* Convert from roles to sudoers data structures. */
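Review bot: The `sudo_role_free(role); role = NULL;` pair in the `len == -1` branch duplicates the cleanup that the last hunk adds after the loop, assuming the `break` leads straight to that post-loop call. Reducing the branch to `if (len == -1) break;` would leave a single release site for a role abandoned at end of input, and one less place where a forgotten `role = NULL;` could turn into a double free. The loop in `parse_ldif` starts and ends outside this hunk.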
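Review bot: The unconditional `sudo_role_free(role);` added after the loop is only safe if `role` is NULL whenever the role it pointed to has already been freed or handed to another owner. The two freeing branches in the `-1010` hunk now clear it, but the third branch there (the one that caches users and hosts) continues outside the hunk; if it stores the role somewhere without resetting `role`, this call would release memory that is still referenced. A comment at the call would make the invariant explicit, e.g. `/* role is non-NULL here only for an entry left unfinished by a parse error. */`, and the storing branch should be checked for a matching `role = NULL;`.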