From 248d2007a780bd141298cf0b330342b45f83dde8 Mon Sep 17 00:00:00 2001 Message-Id: <248d2007a780bd141298cf0b330342b45f83dde8.1377873639.git.jdenemar@redhat.com> From: "Daniel P. Berrange" Date: Tue, 13 Aug 2013 15:20:42 +0100 Subject: [PATCH] Fix double-free and broken logic in virt-login-shell For https://bugzilla.redhat.com/show_bug.cgi?id=988491 The virLoginShellAllowedUser method must not free the 'groups' parameter it is given, as that is owned by the caller. The virLoginShellAllowedUser method should be checking '!*ptr' (ie empty string) rather than '!ptr' (NULL string) since the latter cannot be true. Signed-off-by: Daniel P. Berrange (cherry picked from commit ac692e3af231651304a93d63cb54049d9e3d50f8) --- tools/virt-login-shell.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c index b8f1a28..b27e44f 100644 --- a/tools/virt-login-shell.c +++ b/tools/virt-login-shell.c @@ -85,7 +85,7 @@ static int virLoginShellAllowedUser(virConfPtr conf, */ if (pp->str[0] == '%') { ptr = &pp->str[1]; - if (!ptr) + if (!*ptr) continue; for (i = 0; groups[i]; i++) { if (!(gname = virGetGroupName(groups[i]))) @@ -96,7 +96,6 @@ static int virLoginShellAllowedUser(virConfPtr conf, } VIR_FREE(gname); } - VIR_FREE(groups); continue; } if (fnmatch(pp->str, name, 0) == 0) { @@ -109,7 +108,6 @@ static int virLoginShellAllowedUser(virConfPtr conf, virReportSystemError(EPERM, _("%s not listed as an allowed_users in %s"), name, conf_file); cleanup: VIR_FREE(gname); - VIR_FREE(groups); return ret; } -- 1.8.3.2