From 20b3904f4f7e0b6199b783d6155b84d11b1dbbcd Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Tue, 2 Feb 2021 13:58:31 -0700
Subject: [PATCH] Add missing fclose(3) of fmemopen(3) stream; it does not
 modify the data.

---
 lib/iolog/regress/fuzz/fuzz_iolog_json.c       | 18 ++++++++++--------
 plugins/sudoers/regress/fuzz/fuzz_sudoers.c    |  5 ++++-
 .../sudoers/regress/fuzz/fuzz_sudoers_ldif.c   |  3 ++-
 3 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/lib/iolog/regress/fuzz/fuzz_iolog_json.c b/lib/iolog/regress/fuzz/fuzz_iolog_json.c
index c6824d5ac..e77ab8de8 100644
--- a/lib/iolog/regress/fuzz/fuzz_iolog_json.c
+++ b/lib/iolog/regress/fuzz/fuzz_iolog_json.c
@@ -39,20 +39,22 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     struct eventlog *evlog = NULL;
     FILE *fp;
 
-    /* Operate in-memory, do not fclose or it will free() data. */
+    /* Operate in-memory. */
     fp = fmemopen((void *)data, size, "r");
     if (fp == NULL)
         return 0;
 
     /* Parsed contents of an log.json file are stored in evlog. */
-    if ((evlog = calloc(1, sizeof(*evlog))) == NULL)
-	return 0;
-    evlog->runuid = (uid_t)-1;
-    evlog->rungid = (gid_t)-1;
+    evlog = calloc(1, sizeof(*evlog));
+    if (evlog != NULL) {
+	evlog->runuid = (uid_t)-1;
+	evlog->rungid = (gid_t)-1;
 
-    /* Try to parse buffer as a JSON-format I/O log info file. */
-    iolog_parse_loginfo_json(fp, "fuzz.json", evlog);
-    eventlog_free(evlog);
+	/* Try to parse buffer as a JSON-format I/O log info file. */
+	iolog_parse_loginfo_json(fp, "fuzz.json", evlog);
+	eventlog_free(evlog);
+    }
+    fclose(fp);
 
     return 0;
 }
diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c
index a0de7568d..f5f270940 100644
--- a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c
+++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c
@@ -44,7 +44,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     if (size < 5)
         return 0;
 
-    /* Operate in-memory, do not fclose or it will free() data. */
+    /* Operate in-memory. */
     sudoersin = fmemopen((void *)data, size, "r");
     if (sudoersin == NULL)
         return 0;
@@ -53,7 +53,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     init_defaults();
     init_parser("sudoers", false, true);
     sudoersparse();
+
+    /* Cleanup. */
     init_parser(NULL, false, true);
+    fclose(fp);
 
     return 0;
 }
diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c
index ac1b895b2..72a555e03 100644
--- a/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c
+++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c
@@ -47,7 +47,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     if (size < 5)
         return 0;
 
-    /* Operate in-memory, do not fclose or it will free() data. */
+    /* Operate in-memory. */
     fp = fmemopen((void *)data, size, "r");
     if (fp == NULL)
         return 0;
@@ -59,6 +59,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
     /* Cleanup. */
     free_parse_tree(&parse_tree);
+    fclose(fp);
 
     return 0;
 }