isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix group list ref leak in sudoers_policy_store_result() on error path.

Browse Source
This commit is contained in:
Todd C. Miller
2021-05-26 07:31:19 -06:00
parent 958066eddb
commit cc647c32e1
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
plugins/sudoers/policy.c
View File

@@ -638,7 +638,7 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[],
goto oom; goto oom;
} }
if (def_maxseq != NULL) { if (def_maxseq != NULL) {
if (asprintf(&command_info[info_len++], "maxseq=%s", def_maxseq) == -1) if ((command_info[info_len++] = sudo_new_key_val("maxseq", def_maxseq)) == NULL)
goto oom; goto oom;
} }
} }
@@ -715,8 +715,10 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[],
glsize = sizeof("runas_groups=") - 1 + glsize = sizeof("runas_groups=") - 1 +
((gidlist->ngids + 1) * (MAX_UID_T_LEN + 1)); ((gidlist->ngids + 1) * (MAX_UID_T_LEN + 1));
gid_list = malloc(glsize); gid_list = malloc(glsize);
if (gid_list == NULL) if (gid_list == NULL) {
sudo_gidlist_delref(gidlist);
goto oom; goto oom;
}
memcpy(gid_list, "runas_groups=", sizeof("runas_groups=") - 1); memcpy(gid_list, "runas_groups=", sizeof("runas_groups=") - 1);
cp = gid_list + sizeof("runas_groups=") - 1; cp = gid_list + sizeof("runas_groups=") - 1;
@@ -727,6 +729,7 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[],
if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) { if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) {
sudo_warnx(U_("internal error, %s overflow"), __func__); sudo_warnx(U_("internal error, %s overflow"), __func__);
free(gid_list); free(gid_list);
sudo_gidlist_delref(gidlist);
goto bad; goto bad;
} }
cp += len; cp += len;
@@ -737,6 +740,7 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[],
if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) { if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) {
sudo_warnx(U_("internal error, %s overflow"), __func__); sudo_warnx(U_("internal error, %s overflow"), __func__);
free(gid_list); free(gid_list);
sudo_gidlist_delref(gidlist);
goto bad; goto bad;
} }
cp += len; cp += len;