From 248d2007a780bd141298cf0b330342b45f83dde8 Mon Sep 17 00:00:00 2001
Message-Id: <248d2007a780bd141298cf0b330342b45f83dde8.1377873639.git.jdenemar@redhat.com>
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Tue, 13 Aug 2013 15:20:42 +0100
Subject: [PATCH] Fix double-free and broken logic in virt-login-shell

For https://bugzilla.redhat.com/show_bug.cgi?id=988491

The virLoginShellAllowedUser method must not free the 'groups'
parameter it is given, as that is owned by the caller.

The virLoginShellAllowedUser method should be checking
'!*ptr' (ie empty string) rather than '!ptr' (NULL string)
since the latter cannot be true.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit ac692e3af231651304a93d63cb54049d9e3d50f8)
---
 tools/virt-login-shell.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c
index b8f1a28..b27e44f 100644
--- a/tools/virt-login-shell.c
+++ b/tools/virt-login-shell.c
@@ -85,7 +85,7 @@ static int virLoginShellAllowedUser(virConfPtr conf,
                 */
                 if (pp->str[0] == '%') {
                     ptr = &pp->str[1];
-                    if (!ptr)
+                    if (!*ptr)
                         continue;
                     for (i = 0; groups[i]; i++) {
                         if (!(gname = virGetGroupName(groups[i])))
@@ -96,7 +96,6 @@ static int virLoginShellAllowedUser(virConfPtr conf,
                         }
                         VIR_FREE(gname);
                     }
-                    VIR_FREE(groups);
                     continue;
                 }
                 if (fnmatch(pp->str, name, 0) == 0) {
@@ -109,7 +108,6 @@ static int virLoginShellAllowedUser(virConfPtr conf,
     virReportSystemError(EPERM, _("%s not listed as an allowed_users in %s"), name, conf_file);
 cleanup:
     VIR_FREE(gname);
-    VIR_FREE(groups);
     return ret;
 }
 
-- 
1.8.3.2