From 71997da168ec173f4cf367f2e13bc25c6bf8fe02 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Tue, 2 Feb 2021 10:27:27 -0700
Subject: [PATCH] Fix potential leak of evlog->runuser. Also warn if we find an
 unexpected JSON type.

---
 lib/iolog/iolog_json.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/iolog/iolog_json.c b/lib/iolog/iolog_json.c
index cb3b4b4db..2ec0c603e 100644
--- a/lib/iolog/iolog_json.c
+++ b/lib/iolog/iolog_json.c
@@ -197,7 +197,7 @@ json_store_runuser(struct json_item *item, struct eventlog *evlog)
 {
     debug_decl(json_store_runuser, SUDO_DEBUG_UTIL);
 
-    free(evlog->rungroup);
+    free(evlog->runuser);
     evlog->runuser = item->u.string;
     item->u.string = NULL;
     debug_return_bool(true);
@@ -412,7 +412,15 @@ free_json_items(struct json_item_list *items)
 	case JSON_OBJECT:
 	    free_json_items(&item->u.child.items);
 	    break;
+	case JSON_ID:
+	case JSON_NUMBER:
+	case JSON_BOOL:
+	case JSON_NULL:
+	    /* Nothing to free. */
+	    break;
 	default:
+	    sudo_warnx("%s: internal error, invalid JSON type %d",
+		__func__, item->type);
 	    break;
 	}
 	free(item->name);