Don't free the alias name in alias_add() if the alias already exists.

We need to be able to display it using alias_error(). Only free what we actually allocated in alias_add() on error and let the caller handle cleanup. Note that we cannot completely fill in the alias until it is inserted. Otherwise, we will have modified the file and members parameters even if there was an error. As a result, we have to remove those from the leak list after alias_add(), not before.
2025-08-31 06:15:37 +00:00 · 2021-02-03 14:17:37 -07:00
parent 884b2fb86b
commit b4cabdb394
3 changed files with 32 additions and 25 deletions
--- a/plugins/sudoers/alias.c
+++ b/plugins/sudoers/alias.c
@@ -127,22 +127,29 @@ alias_add(struct sudoers_parse_tree *parse_tree, char *name, int type,
    a = calloc(1, sizeof(*a));
    if (a == NULL)
 	debug_return_bool(false);
+
+    /* Only set elements used by alias_compare() in case there is a dupe. */
    a->name = name;
    a->type = type;
+    switch (rbinsert(parse_tree->aliases, a, NULL)) {
+    case 1:
+	free(a);
+	errno = EEXIST;
+	debug_return_bool(false);
+    case -1:
+	free(a);
+	debug_return_bool(false);
+    }
+
+    /*
+     * It is now safe to fill in the rest of the alias.  We do this last
+     * since it modifies "file" (adds a ref) and "members" (tailq conversion).
+     */
    /* a->used = false; */
    a->file = rcstr_addref(file);
    a->line = line;
    a->column = column;
    HLTQ_TO_TAILQ(&a->members, members, entries);
-    switch (rbinsert(parse_tree->aliases, a, NULL)) {
-    case 1:
-	alias_free(a);
-	errno = EEXIST;
-	debug_return_bool(false);
-    case -1:
-	alias_free(a);
-	debug_return_bool(false);
-    }
    debug_return_bool(true);
 }