|
|
c5e826 |
From 19c2c641e669ee1c08d6706c132625dc30e64609 Mon Sep 17 00:00:00 2001
|
|
|
c5e826 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
c5e826 |
Date: Tue, 12 Jan 2021 16:40:56 +0100
|
|
|
c5e826 |
Subject: [PATCH] simple: fix memory leak while reloading lists
|
|
|
c5e826 |
|
|
|
c5e826 |
The simple access provider will reload the access and deny lists at
|
|
|
c5e826 |
runtime to make sure that users and groups from domains which are
|
|
|
c5e826 |
discovered at runtime are properly processed.
|
|
|
c5e826 |
|
|
|
c5e826 |
While reloading the lists the original lists are not freed and an
|
|
|
c5e826 |
intermediate list wasn't removed as well.
|
|
|
c5e826 |
|
|
|
c5e826 |
Resolves: https://github.com/SSSD/sssd/issues/5456
|
|
|
c5e826 |
|
|
|
c5e826 |
:fixes: Memory leak in the simple access provider
|
|
|
c5e826 |
|
|
|
c5e826 |
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
|
|
c5e826 |
---
|
|
|
c5e826 |
src/providers/simple/simple_access.c | 28 +++++++++++++++++++++-------
|
|
|
c5e826 |
1 file changed, 21 insertions(+), 7 deletions(-)
|
|
|
c5e826 |
|
|
|
c5e826 |
diff --git a/src/providers/simple/simple_access.c b/src/providers/simple/simple_access.c
|
|
|
c5e826 |
index 1868569b1..49226adf2 100644
|
|
|
c5e826 |
--- a/src/providers/simple/simple_access.c
|
|
|
c5e826 |
+++ b/src/providers/simple/simple_access.c
|
|
|
c5e826 |
@@ -117,17 +117,13 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
|
|
|
c5e826 |
const char *name;
|
|
|
c5e826 |
const char *option;
|
|
|
c5e826 |
char **orig_list;
|
|
|
c5e826 |
- char ***ctx_list;
|
|
|
c5e826 |
+ char **ctx_list;
|
|
|
c5e826 |
} lists[] = {{"Allow users", CONFDB_SIMPLE_ALLOW_USERS, NULL, NULL},
|
|
|
c5e826 |
{"Deny users", CONFDB_SIMPLE_DENY_USERS, NULL, NULL},
|
|
|
c5e826 |
{"Allow groups", CONFDB_SIMPLE_ALLOW_GROUPS, NULL, NULL},
|
|
|
c5e826 |
{"Deny groups", CONFDB_SIMPLE_DENY_GROUPS, NULL, NULL},
|
|
|
c5e826 |
{NULL, NULL, NULL, NULL}};
|
|
|
c5e826 |
|
|
|
c5e826 |
- lists[0].ctx_list = &ctx->allow_users;
|
|
|
c5e826 |
- lists[1].ctx_list = &ctx->deny_users;
|
|
|
c5e826 |
- lists[2].ctx_list = &ctx->allow_groups;
|
|
|
c5e826 |
- lists[3].ctx_list = &ctx->deny_groups;
|
|
|
c5e826 |
|
|
|
c5e826 |
ret = sysdb_master_domain_update(bectx->domain);
|
|
|
c5e826 |
if (ret != EOK) {
|
|
|
c5e826 |
@@ -141,7 +137,6 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
|
|
|
c5e826 |
lists[i].option, &lists[i].orig_list);
|
|
|
c5e826 |
if (ret == ENOENT) {
|
|
|
c5e826 |
DEBUG(SSSDBG_FUNC_DATA, "%s list is empty.\n", lists[i].name);
|
|
|
c5e826 |
- *lists[i].ctx_list = NULL;
|
|
|
c5e826 |
continue;
|
|
|
c5e826 |
} else if (ret != EOK) {
|
|
|
c5e826 |
DEBUG(SSSDBG_CRIT_FAILURE, "confdb_get_string_as_list failed.\n");
|
|
|
c5e826 |
@@ -149,7 +144,8 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
|
|
|
c5e826 |
}
|
|
|
c5e826 |
|
|
|
c5e826 |
ret = simple_access_parse_names(ctx, bectx, lists[i].orig_list,
|
|
|
c5e826 |
- lists[i].ctx_list);
|
|
|
c5e826 |
+ &lists[i].ctx_list);
|
|
|
c5e826 |
+ talloc_free(lists[i].orig_list);
|
|
|
c5e826 |
if (ret != EOK) {
|
|
|
c5e826 |
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse %s list [%d]: %s\n",
|
|
|
c5e826 |
lists[i].name, ret, sss_strerror(ret));
|
|
|
c5e826 |
@@ -157,6 +153,18 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
|
|
|
c5e826 |
}
|
|
|
c5e826 |
}
|
|
|
c5e826 |
|
|
|
c5e826 |
+ talloc_free(ctx->allow_users);
|
|
|
c5e826 |
+ ctx->allow_users = talloc_steal(ctx, lists[0].ctx_list);
|
|
|
c5e826 |
+
|
|
|
c5e826 |
+ talloc_free(ctx->deny_users);
|
|
|
c5e826 |
+ ctx->deny_users = talloc_steal(ctx, lists[1].ctx_list);
|
|
|
c5e826 |
+
|
|
|
c5e826 |
+ talloc_free(ctx->allow_groups);
|
|
|
c5e826 |
+ ctx->allow_groups = talloc_steal(ctx, lists[2].ctx_list);
|
|
|
c5e826 |
+
|
|
|
c5e826 |
+ talloc_free(ctx->deny_groups);
|
|
|
c5e826 |
+ ctx->deny_groups = talloc_steal(ctx, lists[3].ctx_list);
|
|
|
c5e826 |
+
|
|
|
c5e826 |
if (!ctx->allow_users &&
|
|
|
c5e826 |
!ctx->allow_groups &&
|
|
|
c5e826 |
!ctx->deny_users &&
|
|
|
c5e826 |
@@ -165,9 +173,15 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
|
|
|
c5e826 |
"No rules supplied for simple access provider. "
|
|
|
c5e826 |
"Access will be granted for all users.\n");
|
|
|
c5e826 |
}
|
|
|
c5e826 |
+
|
|
|
c5e826 |
+
|
|
|
c5e826 |
return EOK;
|
|
|
c5e826 |
|
|
|
c5e826 |
failed:
|
|
|
c5e826 |
+ for (i = 0; lists[i].name != NULL; i++) {
|
|
|
c5e826 |
+ talloc_free(lists[i].ctx_list);
|
|
|
c5e826 |
+ }
|
|
|
c5e826 |
+
|
|
|
c5e826 |
return ret;
|
|
|
c5e826 |
}
|
|
|
c5e826 |
|
|
|
c5e826 |
--
|
|
|
c5e826 |
2.21.3
|
|
|
c5e826 |
|