dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone

Blame SOURCES/0035-simple-fix-memory-leak-while-reloading-lists.patch

c5e826
From 19c2c641e669ee1c08d6706c132625dc30e64609 Mon Sep 17 00:00:00 2001
c5e826
From: Sumit Bose <sbose@redhat.com>
c5e826
Date: Tue, 12 Jan 2021 16:40:56 +0100
c5e826
Subject: [PATCH] simple: fix memory leak while reloading lists
c5e826
c5e826
The simple access provider will reload the access and deny lists at
c5e826
runtime to make sure that users and groups from domains which are
c5e826
discovered at runtime are properly processed.
c5e826
c5e826
While reloading the lists the original lists are not freed and an
c5e826
intermediate list wasn't removed as well.
c5e826
c5e826
Resolves: https://github.com/SSSD/sssd/issues/5456
c5e826
c5e826
:fixes: Memory leak in the simple access provider
c5e826
c5e826
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
c5e826
---
c5e826
 src/providers/simple/simple_access.c | 28 +++++++++++++++++++++-------
c5e826
 1 file changed, 21 insertions(+), 7 deletions(-)
c5e826
c5e826
diff --git a/src/providers/simple/simple_access.c b/src/providers/simple/simple_access.c
c5e826
index 1868569b1..49226adf2 100644
c5e826
--- a/src/providers/simple/simple_access.c
c5e826
+++ b/src/providers/simple/simple_access.c
c5e826
@@ -117,17 +117,13 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
c5e826
         const char *name;
c5e826
         const char *option;
c5e826
         char **orig_list;
c5e826
-        char ***ctx_list;
c5e826
+        char **ctx_list;
c5e826
     } lists[] = {{"Allow users", CONFDB_SIMPLE_ALLOW_USERS, NULL, NULL},
c5e826
                  {"Deny users", CONFDB_SIMPLE_DENY_USERS, NULL, NULL},
c5e826
                  {"Allow groups", CONFDB_SIMPLE_ALLOW_GROUPS, NULL, NULL},
c5e826
                  {"Deny groups", CONFDB_SIMPLE_DENY_GROUPS, NULL, NULL},
c5e826
                  {NULL, NULL, NULL, NULL}};
c5e826
 
c5e826
-    lists[0].ctx_list = &ctx->allow_users;
c5e826
-    lists[1].ctx_list = &ctx->deny_users;
c5e826
-    lists[2].ctx_list = &ctx->allow_groups;
c5e826
-    lists[3].ctx_list = &ctx->deny_groups;
c5e826
 
c5e826
     ret = sysdb_master_domain_update(bectx->domain);
c5e826
     if (ret != EOK) {
c5e826
@@ -141,7 +137,6 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
c5e826
                                         lists[i].option, &lists[i].orig_list);
c5e826
         if (ret == ENOENT) {
c5e826
             DEBUG(SSSDBG_FUNC_DATA, "%s list is empty.\n", lists[i].name);
c5e826
-            *lists[i].ctx_list = NULL;
c5e826
             continue;
c5e826
         } else if (ret != EOK) {
c5e826
             DEBUG(SSSDBG_CRIT_FAILURE, "confdb_get_string_as_list failed.\n");
c5e826
@@ -149,7 +144,8 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
c5e826
         }
c5e826
 
c5e826
         ret = simple_access_parse_names(ctx, bectx, lists[i].orig_list,
c5e826
-                                        lists[i].ctx_list);
c5e826
+                                        &lists[i].ctx_list);
c5e826
+        talloc_free(lists[i].orig_list);
c5e826
         if (ret != EOK) {
c5e826
             DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse %s list [%d]: %s\n",
c5e826
                                         lists[i].name, ret, sss_strerror(ret));
c5e826
@@ -157,6 +153,18 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
c5e826
         }
c5e826
     }
c5e826
 
c5e826
+    talloc_free(ctx->allow_users);
c5e826
+    ctx->allow_users = talloc_steal(ctx, lists[0].ctx_list);
c5e826
+
c5e826
+    talloc_free(ctx->deny_users);
c5e826
+    ctx->deny_users = talloc_steal(ctx, lists[1].ctx_list);
c5e826
+
c5e826
+    talloc_free(ctx->allow_groups);
c5e826
+    ctx->allow_groups = talloc_steal(ctx, lists[2].ctx_list);
c5e826
+
c5e826
+    talloc_free(ctx->deny_groups);
c5e826
+    ctx->deny_groups = talloc_steal(ctx, lists[3].ctx_list);
c5e826
+
c5e826
     if (!ctx->allow_users &&
c5e826
             !ctx->allow_groups &&
c5e826
             !ctx->deny_users &&
c5e826
@@ -165,9 +173,15 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
c5e826
               "No rules supplied for simple access provider. "
c5e826
                "Access will be granted for all users.\n");
c5e826
     }
c5e826
+
c5e826
+
c5e826
     return EOK;
c5e826
 
c5e826
 failed:
c5e826
+    for (i = 0; lists[i].name != NULL; i++) {
c5e826
+        talloc_free(lists[i].ctx_list);
c5e826
+    }
c5e826
+
c5e826
     return ret;
c5e826
 }
c5e826
 
c5e826
-- 
c5e826
2.21.3
c5e826