Plug some memory leaks when sudoers_policy_main is called multiple times.

These would get cleaned up a policy close time but we don't want to bloat sudo's memory footprint when running a shell with multiple commands.
2025-09-04 16:25:25 +00:00 · 2021-08-09 15:50:26 -06:00
parent dfe26f8c34
commit 3a090dcdcd
2 changed files with 19 additions and 9 deletions
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
@@ -606,13 +606,22 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[],
    mode_t cmnd_umask, char *iolog_path, void *v)
 {
    struct sudoers_exec_args *exec_args = v;
-    char **command_info;
+    static char **command_info;
    int info_len = 0;
    debug_decl(sudoers_policy_store_result, SUDOERS_DEBUG_PLUGIN);

    if (exec_args == NULL)
 	debug_return_bool(true);	/* nothing to do */

+    /* Free old data, if any. */
+    if (command_info != NULL) {
+	char **cur;
+	sudoers_gc_remove(GC_VECTOR, command_info);
+	for (cur = command_info; *cur != NULL; cur++)
+	    free(*cur);
+	free(command_info);
+    }
+
    /* Increase the length of command_info as needed, it is *not* checked. */
    command_info = calloc(57, sizeof(char *));
    if (command_info == NULL)
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -416,10 +416,13 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 	sudo_user.env_vars = env_add;

    /*
-     * Make a local copy of argc/argv, with special handling
-     * for the '-i' option.
+     * Make a local copy of argc/argv, with special handling for the
+     * '-i' option.  We also allocate an extra slot for bash's --login.
     */
-    /* Must leave an extra slot before NewArgv for bash's --login */
+    if (NewArgv != NULL) {
+	sudoers_gc_remove(GC_PTR, NewArgv);
+	free(NewArgv);
+    }
    NewArgc = argc;
    NewArgv = reallocarray(NULL, NewArgc + 2, sizeof(char *));
    if (NewArgv == NULL) {
@@ -427,7 +430,6 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 	goto done;
    }
    sudoers_gc_add(GC_PTR, NewArgv);
-    NewArgv++;	/* reserve an extra slot for --login */
    memcpy(NewArgv, argv, argc * sizeof(char *));
    NewArgv[NewArgc] = NULL;
    if (ISSET(sudo_mode, MODE_LOGIN_SHELL) && runas_pw != NULL) {
@@ -722,11 +724,10 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 	 */
 	if (NewArgc > 1 && strcmp(NewArgv[0], "-bash") == 0 &&
 	    strcmp(NewArgv[1], "-c") == 0) {
-	    /* Use the extra slot before NewArgv so we can store --login. */
-	    NewArgv--;
-	    NewArgc++;
-	    NewArgv[0] = NewArgv[1];
+	    /* We allocated extra space for the --login above. */
+	    memmove(&NewArgv[2], &NewArgv[1], sizeof(char *) * (NewArgc - 1));
 	    NewArgv[1] = "--login";
+	    NewArgc++;
 	}

 #if defined(_AIX) || (defined(__linux__) && !defined(HAVE_PAM))