init_parse_tree() now takes ownership of lhost and shost, if any.

This means that lhost and shost in struct sudoers_parse_tree
are no longer const and that free_parse_tree() will free lhost/shost.
The only consumer that passed in lho.st/shost was the SSSD back-end
which has been updated to avoid a double-free.

plugins/sudoers/gram.c

@@ -3830,10 +3830,10 @@ free_userspec(struct userspec *us)
 
 /*
  * Initialized a sudoers parse tree.
+ * Takes ownership of lhost and shost.
  */
 void
-init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost,
-    const char *shost)
+init_parse_tree(struct sudoers_parse_tree *parse_tree, char *lhost, char *shost)
 {
     TAILQ_INIT(&parse_tree->userspecs);
     TAILQ_INIT(&parse_tree->defaults);
@@ -3864,6 +3864,10 @@ free_parse_tree(struct sudoers_parse_tree *parse_tree)
     free_defaults(&parse_tree->defaults);
     free_aliases(parse_tree->aliases);
     parse_tree->aliases = NULL;
+    free(parse_tree->lhost);
+    if (parse_tree->shost != parse_tree->lhost)
+	free(parse_tree->shost);
+    parse_tree->lhost = parse_tree->shost = NULL;
 }
 
 /*

plugins/sudoers/gram.y

@@ -1674,10 +1674,10 @@ free_userspec(struct userspec *us)
 
 /*
  * Initialized a sudoers parse tree.
+ * Takes ownership of lhost and shost.
  */
 void
-init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost,
-    const char *shost)
+init_parse_tree(struct sudoers_parse_tree *parse_tree, char *lhost, char *shost)
 {
     TAILQ_INIT(&parse_tree->userspecs);
     TAILQ_INIT(&parse_tree->defaults);
@@ -1708,6 +1708,10 @@ free_parse_tree(struct sudoers_parse_tree *parse_tree)
     free_defaults(&parse_tree->defaults);
     free_aliases(parse_tree->aliases);
     parse_tree->aliases = NULL;
+    free(parse_tree->lhost);
+    if (parse_tree->shost != parse_tree->lhost)
+	free(parse_tree->shost);
+    parse_tree->lhost = parse_tree->shost = NULL;
 }
 
 /*

plugins/sudoers/parse.h

@@ -294,7 +294,7 @@ struct sudoers_parse_tree {
     struct userspec_list userspecs;
     struct defaults_list defaults;
     struct rbtree *aliases;
-    const char *shost, *lhost;
+    char *shost, *lhost;
 };
 
 /*
@@ -366,7 +366,7 @@ void free_userspec(struct userspec *us);
 void free_userspecs(struct userspec_list *usl);
 void free_default(struct defaults *def, struct member_list **binding);
 void free_defaults(struct defaults_list *defs);
-void init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost, const char *shost);
+void init_parse_tree(struct sudoers_parse_tree *parse_tree, char *lhost, char *shost);
 void free_parse_tree(struct sudoers_parse_tree *parse_tree);
 void reparent_parse_tree(struct sudoers_parse_tree *new_tree);
 bool parser_leak_add(enum parser_leak_types type, void *v);

plugins/sudoers/regress/fuzz/fuzz_sudoers.c

@@ -273,7 +273,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     }
 
     /* Only one sudoers source, the sudoers file itself. */
-    init_parse_tree(&parse_tree, user_host, user_shost);
+    init_parse_tree(&parse_tree, NULL, NULL);
     memset(&sudo_nss_fuzz, 0, sizeof(sudo_nss_fuzz));
     sudo_nss_fuzz.parse_tree = &parse_tree;
     sudo_nss_fuzz.query = sudo_fuzz_query;

plugins/sudoers/sssd.c

@@ -532,9 +532,6 @@ sudo_sss_close(struct sudo_nss *nss)
 	sudo_dso_unload(handle->ssslib);
 	if (handle->pw != NULL)
 	    sudo_pw_delref(handle->pw);
-	free(handle->ipa_host);
-	if (handle->ipa_host != handle->ipa_shost)
-	    free(handle->ipa_shost);
 	free_parse_tree(&handle->parse_tree);
 	free(handle);
 	nss->handle = NULL;