diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index 530de2d12..ca5b9d79e 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -3830,10 +3830,10 @@ free_userspec(struct userspec *us) /* * Initialized a sudoers parse tree. + * Takes ownership of lhost and shost. */ void -init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost, - const char *shost) +init_parse_tree(struct sudoers_parse_tree *parse_tree, char *lhost, char *shost) { TAILQ_INIT(&parse_tree->userspecs); TAILQ_INIT(&parse_tree->defaults); @@ -3864,6 +3864,10 @@ free_parse_tree(struct sudoers_parse_tree *parse_tree) free_defaults(&parse_tree->defaults); free_aliases(parse_tree->aliases); parse_tree->aliases = NULL; + free(parse_tree->lhost); + if (parse_tree->shost != parse_tree->lhost) + free(parse_tree->shost); + parse_tree->lhost = parse_tree->shost = NULL; } /* diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index 82c352077..1dad0608c 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -1674,10 +1674,10 @@ free_userspec(struct userspec *us) /* * Initialized a sudoers parse tree. + * Takes ownership of lhost and shost. */ void -init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost, - const char *shost) +init_parse_tree(struct sudoers_parse_tree *parse_tree, char *lhost, char *shost) { TAILQ_INIT(&parse_tree->userspecs); TAILQ_INIT(&parse_tree->defaults); @@ -1708,6 +1708,10 @@ free_parse_tree(struct sudoers_parse_tree *parse_tree) free_defaults(&parse_tree->defaults); free_aliases(parse_tree->aliases); parse_tree->aliases = NULL; + free(parse_tree->lhost); + if (parse_tree->shost != parse_tree->lhost) + free(parse_tree->shost); + parse_tree->lhost = parse_tree->shost = NULL; } /* diff --git a/plugins/sudoers/parse.h b/plugins/sudoers/parse.h index 2984c5833..549b6d04d 100644 --- a/plugins/sudoers/parse.h +++ b/plugins/sudoers/parse.h @@ -294,7 +294,7 @@ struct sudoers_parse_tree { struct userspec_list userspecs; struct defaults_list defaults; struct rbtree *aliases; - const char *shost, *lhost; + char *shost, *lhost; }; /* @@ -366,7 +366,7 @@ void free_userspec(struct userspec *us); void free_userspecs(struct userspec_list *usl); void free_default(struct defaults *def, struct member_list **binding); void free_defaults(struct defaults_list *defs); -void init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost, const char *shost); +void init_parse_tree(struct sudoers_parse_tree *parse_tree, char *lhost, char *shost); void free_parse_tree(struct sudoers_parse_tree *parse_tree); void reparent_parse_tree(struct sudoers_parse_tree *new_tree); bool parser_leak_add(enum parser_leak_types type, void *v); diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c index ef74462f7..b591f3339 100644 --- a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c +++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c @@ -273,7 +273,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) } /* Only one sudoers source, the sudoers file itself. */ - init_parse_tree(&parse_tree, user_host, user_shost); + init_parse_tree(&parse_tree, NULL, NULL); memset(&sudo_nss_fuzz, 0, sizeof(sudo_nss_fuzz)); sudo_nss_fuzz.parse_tree = &parse_tree; sudo_nss_fuzz.query = sudo_fuzz_query; diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c index e396d8466..8f15e576b 100644 --- a/plugins/sudoers/sssd.c +++ b/plugins/sudoers/sssd.c @@ -532,9 +532,6 @@ sudo_sss_close(struct sudo_nss *nss) sudo_dso_unload(handle->ssslib); if (handle->pw != NULL) sudo_pw_delref(handle->pw); - free(handle->ipa_host); - if (handle->ipa_host != handle->ipa_shost) - free(handle->ipa_shost); free_parse_tree(&handle->parse_tree); free(handle); nss->handle = NULL;