init_parse_tree() now takes ownership of lhost and shost, if any.

This means that lhost and shost in struct sudoers_parse_tree are no longer const and that free_parse_tree() will free lhost/shost. The only consumer that passed in lho.st/shost was the SSSD back-end which has been updated to avoid a double-free.
2021-11-19 12:29:21 -07:00
parent cc79038730
commit 730ebabdba
5 changed files with 15 additions and 10 deletions
--- a/plugins/sudoers/gram.c
+++ b/plugins/sudoers/gram.c
@@ -3830,10 +3830,10 @@ free_userspec(struct userspec *us)
 /*
 * Initialized a sudoers parse tree.
 * Takes ownership of lhost and shost.
 */
 void
-init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost,
+init_parse_tree(struct sudoers_parse_tree *parse_tree, char *lhost, char *shost)
    const char *shost)
 {
    TAILQ_INIT(&parse_tree->userspecs);
    TAILQ_INIT(&parse_tree->defaults);
@@ -3864,6 +3864,10 @@ free_parse_tree(struct sudoers_parse_tree *parse_tree)
    free_defaults(&parse_tree->defaults);
    free_aliases(parse_tree->aliases);
    parse_tree->aliases = NULL;
    free(parse_tree->lhost);
    if (parse_tree->shost != parse_tree->lhost)
 	free(parse_tree->shost);
    parse_tree->lhost = parse_tree->shost = NULL;
 }
 /*
--- a/plugins/sudoers/gram.y
+++ b/plugins/sudoers/gram.y
@@ -1674,10 +1674,10 @@ free_userspec(struct userspec *us)
 /*
 * Initialized a sudoers parse tree.
 * Takes ownership of lhost and shost.
 */
 void
-init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost,
+init_parse_tree(struct sudoers_parse_tree *parse_tree, char *lhost, char *shost)
    const char *shost)
 {
    TAILQ_INIT(&parse_tree->userspecs);
    TAILQ_INIT(&parse_tree->defaults);
@@ -1708,6 +1708,10 @@ free_parse_tree(struct sudoers_parse_tree *parse_tree)
    free_defaults(&parse_tree->defaults);
    free_aliases(parse_tree->aliases);
    parse_tree->aliases = NULL;
    free(parse_tree->lhost);
    if (parse_tree->shost != parse_tree->lhost)
 	free(parse_tree->shost);
    parse_tree->lhost = parse_tree->shost = NULL;
 }
 /*
--- a/plugins/sudoers/parse.h
+++ b/plugins/sudoers/parse.h
@@ -294,7 +294,7 @@ struct sudoers_parse_tree {
    struct userspec_list userspecs;
    struct defaults_list defaults;
    struct rbtree *aliases;
-    const char *shost, *lhost;
+    char *shost, *lhost;
 };
 /*
@@ -366,7 +366,7 @@ void free_userspec(struct userspec *us);
 void free_userspecs(struct userspec_list *usl);
 void free_default(struct defaults *def, struct member_list **binding);
 void free_defaults(struct defaults_list *defs);
-void init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost, const char *shost);
+void init_parse_tree(struct sudoers_parse_tree *parse_tree, char *lhost, char *shost);
 void free_parse_tree(struct sudoers_parse_tree *parse_tree);
 void reparent_parse_tree(struct sudoers_parse_tree *new_tree);
 bool parser_leak_add(enum parser_leak_types type, void *v);
--- a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c
+++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c
@@ -273,7 +273,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
    }
    /* Only one sudoers source, the sudoers file itself. */
-    init_parse_tree(&parse_tree, user_host, user_shost);
+    init_parse_tree(&parse_tree, NULL, NULL);
    memset(&sudo_nss_fuzz, 0, sizeof(sudo_nss_fuzz));
    sudo_nss_fuzz.parse_tree = &parse_tree;
    sudo_nss_fuzz.query = sudo_fuzz_query;
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -532,9 +532,6 @@ sudo_sss_close(struct sudo_nss *nss)
 	sudo_dso_unload(handle->ssslib);
 	if (handle->pw != NULL)
 	    sudo_pw_delref(handle->pw);
 	free(handle->ipa_host);
 	if (handle->ipa_host != handle->ipa_shost)
 	    free(handle->ipa_shost);
 	free_parse_tree(&handle->parse_tree);
 	free(handle);
 	nss->handle = NULL;