From 248d2007a780bd141298cf0b330342b45f83dde8 Mon Sep 17 00:00:00 2001

Message-Id: <248d2007a780bd141298cf0b330342b45f83dde8.1377873639.git.jdenemar@redhat.com>

From: "Daniel P. Berrange" <berrange@redhat.com>

Date: Tue, 13 Aug 2013 15:20:42 +0100

Subject: [PATCH] Fix double-free and broken logic in virt-login-shell

For https://bugzilla.redhat.com/show_bug.cgi?id=988491

The virLoginShellAllowedUser method must not free the 'groups'

parameter it is given, as that is owned by the caller.

The virLoginShellAllowedUser method should be checking

'!*ptr' (ie empty string) rather than '!ptr' (NULL string)

since the latter cannot be true.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

(cherry picked from commit ac692e3af231651304a93d63cb54049d9e3d50f8)

---

 tools/virt-login-shell.c | 4 +---

 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c

index b8f1a28..b27e44f 100644

--- a/tools/virt-login-shell.c

+++ b/tools/virt-login-shell.c

@@ -85,7 +85,7 @@ static int virLoginShellAllowedUser(virConfPtr conf,

                 */

                 if (pp->str[0] == '%') {

                     ptr = &pp->str[1];

-                    if (!ptr)

+                    if (!*ptr)

                         continue;

                     for (i = 0; groups[i]; i++) {

                         if (!(gname = virGetGroupName(groups[i])))

@@ -96,7 +96,6 @@ static int virLoginShellAllowedUser(virConfPtr conf,

                         }

                         VIR_FREE(gname);

                     }

-                    VIR_FREE(groups);

                     continue;

                 }

                 if (fnmatch(pp->str, name, 0) == 0) {

@@ -109,7 +108,6 @@ static int virLoginShellAllowedUser(virConfPtr conf,

     virReportSystemError(EPERM, _("%s not listed as an allowed_users in %s"), name, conf_file);

 cleanup:

     VIR_FREE(gname);

-    VIR_FREE(groups);

     return ret;

 }

-- 

1.8.3.2