From 19c2c641e669ee1c08d6706c132625dc30e64609 Mon Sep 17 00:00:00 2001

From: Sumit Bose <sbose@redhat.com>

Date: Tue, 12 Jan 2021 16:40:56 +0100

Subject: [PATCH] simple: fix memory leak while reloading lists

The simple access provider will reload the access and deny lists at

runtime to make sure that users and groups from domains which are

discovered at runtime are properly processed.

While reloading the lists the original lists are not freed and an

intermediate list wasn't removed as well.

Resolves: https://github.com/SSSD/sssd/issues/5456

:fixes: Memory leak in the simple access provider

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>

---

 src/providers/simple/simple_access.c | 28 +++++++++++++++++++++-------

 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/src/providers/simple/simple_access.c b/src/providers/simple/simple_access.c

index 1868569b1..49226adf2 100644

--- a/src/providers/simple/simple_access.c

+++ b/src/providers/simple/simple_access.c

@@ -117,17 +117,13 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)

         const char *name;

         const char *option;

         char **orig_list;

-        char ***ctx_list;

+        char **ctx_list;

     } lists[] = {{"Allow users", CONFDB_SIMPLE_ALLOW_USERS, NULL, NULL},

                  {"Deny users", CONFDB_SIMPLE_DENY_USERS, NULL, NULL},

                  {"Allow groups", CONFDB_SIMPLE_ALLOW_GROUPS, NULL, NULL},

                  {"Deny groups", CONFDB_SIMPLE_DENY_GROUPS, NULL, NULL},

                  {NULL, NULL, NULL, NULL}};

-    lists[0].ctx_list = &ctx->allow_users;

-    lists[1].ctx_list = &ctx->deny_users;

-    lists[2].ctx_list = &ctx->allow_groups;

-    lists[3].ctx_list = &ctx->deny_groups;

     ret = sysdb_master_domain_update(bectx->domain);

     if (ret != EOK) {

@@ -141,7 +137,6 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)

                                         lists[i].option, &lists[i].orig_list);

         if (ret == ENOENT) {

             DEBUG(SSSDBG_FUNC_DATA, "%s list is empty.\n", lists[i].name);

-            *lists[i].ctx_list = NULL;

             continue;

         } else if (ret != EOK) {

             DEBUG(SSSDBG_CRIT_FAILURE, "confdb_get_string_as_list failed.\n");

@@ -149,7 +144,8 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)

         }

         ret = simple_access_parse_names(ctx, bectx, lists[i].orig_list,

-                                        lists[i].ctx_list);

+                                        &lists[i].ctx_list);

+        talloc_free(lists[i].orig_list);

         if (ret != EOK) {

             DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse %s list [%d]: %s\n",

                                         lists[i].name, ret, sss_strerror(ret));

@@ -157,6 +153,18 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)

         }

     }

+    talloc_free(ctx->allow_users);

+    ctx->allow_users = talloc_steal(ctx, lists[0].ctx_list);

+

+    talloc_free(ctx->deny_users);

+    ctx->deny_users = talloc_steal(ctx, lists[1].ctx_list);

+

+    talloc_free(ctx->allow_groups);

+    ctx->allow_groups = talloc_steal(ctx, lists[2].ctx_list);

+

+    talloc_free(ctx->deny_groups);

+    ctx->deny_groups = talloc_steal(ctx, lists[3].ctx_list);

+

     if (!ctx->allow_users &&

             !ctx->allow_groups &&

             !ctx->deny_users &&

@@ -165,9 +173,15 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)

               "No rules supplied for simple access provider. "

                "Access will be granted for all users.\n");

     }

+

+

     return EOK;

 failed:

+    for (i = 0; lists[i].name != NULL; i++) {

+        talloc_free(lists[i].ctx_list);

+    }

+

     return ret;

 }

-- 

2.21.3