Blame SOURCES/0071-simple-fix-memory-leak-while-reloading-lists.patch

From 137924c7894fd5989446ebefd96010a0878004f1 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 12 Jan 2021 16:40:56 +0100
Subject: [PATCH 71/71] simple: fix memory leak while reloading lists
The simple access provider will reload the access and deny lists at
runtime to make sure that users and groups from domains which are
discovered at runtime are properly processed.
While reloading the lists the original lists are not freed and an
intermediate list wasn't removed as well.
Resolves: https://github.com/SSSD/sssd/issues/5456
:fixes: Memory leak in the simple access provider
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit 19c2c641e669ee1c08d6706c132625dc30e64609)
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
---
 src/providers/simple/simple_access.c | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/src/providers/simple/simple_access.c b/src/providers/simple/simple_access.c
index 1868569b1..49226adf2 100644
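--- a/src/providers/simple/simple_access.c
+++ b/src/providers/simple/simple_access.c
@@ -117,17 +117,13 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
         const char *name;
         const char *option;
         char **orig_list;
-        char ***ctx_list;
+        char **ctx_list;
     } lists[] = {{"Allow users", CONFDB_SIMPLE_ALLOW_USERS, NULL, NULL},
                  {"Deny users", CONFDB_SIMPLE_DENY_USERS, NULL, NULL},
                  {"Allow groups", CONFDB_SIMPLE_ALLOW_GROUPS, NULL, NULL},
                  {"Deny groups", CONFDB_SIMPLE_DENY_GROUPS, NULL, NULL},
                  {NULL, NULL, NULL, NULL}};
 
-    lists[0].ctx_list = &ctx->allow_users;
-    lists[1].ctx_list = &ctx->deny_users;
-    lists[2].ctx_list = &ctx->allow_groups;
-    lists[3].ctx_list = &ctx->deny_groups;
 
     ret = sysdb_master_domain_update(bectx->domain);
     if (ret != EOK) {
@@ -141,7 +137,6 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
                                         lists[i].option, &lists[i].orig_list);
         if (ret == ENOENT) {
             DEBUG(SSSDBG_FUNC_DATA, "%s list is empty.\n", lists[i].name);
-            *lists[i].ctx_list = NULL;
             continue;
         } else if (ret != EOK) {
             DEBUG(SSSDBG_CRIT_FAILURE, "confdb_get_string_as_list failed.\n");
@@ -149,7 +144,8 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
         }
 
         ret = simple_access_parse_names(ctx, bectx, lists[i].orig_list,
-                                        lists[i].ctx_list);
+                                        &lists[i].ctx_list);
+        talloc_free(lists[i].orig_list);
         if (ret != EOK) {
             DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse %s list [%d]: %s\n",
                                         lists[i].name, ret, sss_strerror(ret));
@@ -157,6 +153,18 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
         }
     }
 
+    talloc_free(ctx->allow_users);
+    ctx->allow_users = talloc_steal(ctx, lists[0].ctx_list);
+
+    talloc_free(ctx->deny_users);
+    ctx->deny_users = talloc_steal(ctx, lists[1].ctx_list);
+
+    talloc_free(ctx->allow_groups);
+    ctx->allow_groups = talloc_steal(ctx, lists[2].ctx_list);
+
+    talloc_free(ctx->deny_groups);
+    ctx->deny_groups = talloc_steal(ctx, lists[3].ctx_list);
+
     if (!ctx->allow_users &&
             !ctx->allow_groups &&
             !ctx->deny_users &&
@@ -165,9 +173,15 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
               "No rules supplied for simple access provider. "
                "Access will be granted for all users.\n");
     }
+
+
     return EOK;
 
 failed:
+    for (i = 0; lists[i].name != NULL; i++) {
+        talloc_free(lists[i].ctx_list);
+    }
+
     return ret;
 }
 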
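Review bot: The swap block added after the loop (`ctx->allow_users = talloc_steal(ctx, lists[0].ctx_list);` and the three assignments that follow) ties each context field to a bare index into `lists[]`, so reordering the initializer would silently load an allow list into a deny field or the reverse, changing access decisions without any error. A comment above the block such as `/* indices follow the lists[] initializer: 0 allow users, 1 deny users, 2 allow groups, 3 deny groups */`, or named index constants, would pin the pairing. The `failed:` path now frees only the temporaries and leaves the previously loaded `ctx` lists in force, which looks like the intended fail-safe but should be stated, e.g. `/* on error the previously loaded lists stay active */`. That loop also assumes `simple_access_parse_names` leaves `lists[i].ctx_list` either NULL or valid when it fails; the function is not part of this diff, so this needs confirming. The function body starts before the first hunk, and the two blank `+` lines before `return EOK;` can be dropped.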
-- 
2.26.3