From 3c1ce4bf72358b9ff96471b4b861bf56f2863e30 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Thu, 10 Feb 2022 13:33:24 -0700
Subject: [PATCH] store_iobuf_local: fix potential double free on the error
 path.

---
 logsrvd/logsrvd_local.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/logsrvd/logsrvd_local.c b/logsrvd/logsrvd_local.c
index a4cbb9fdb..5119d2ef9 100644
--- a/logsrvd/logsrvd_local.c
+++ b/logsrvd/logsrvd_local.c
@@ -559,7 +559,6 @@ store_iobuf_local(int iofd, IoBuffer *iobuf, uint8_t *buf, size_t buflen,
 	    errstr);
 	goto bad;
     }
-    free(newbuf);
 
     /* Write timing data. */
     if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf,
@@ -575,12 +574,14 @@ store_iobuf_local(int iofd, IoBuffer *iobuf, uint8_t *buf, size_t buflen,
     if (random_drop > 0.0) {
 	double randval = arc4random() / (double)UINT32_MAX;
 	if (randval < random_drop) {
+	    closure->errstr = _("randomly dropping connection");
 	    sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
 		"randomly dropping connection (%f < %f)", randval, random_drop);
-	    debug_return_bool(false);
+	    goto bad;
 	}
     }
 
+    free(newbuf);
     debug_return_bool(true);
 bad:
     free(newbuf);