mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-02 07:15:27 +00:00
Code Issues Releases Wiki Activity

Plug memory leak if there are duplicate user_info or command_info entries.

Browse Source
This commit is contained in:
Todd C. Miller
2021-02-14 07:21:00 -07:00
parent 96d1dc8ab7
commit d1969b4f0b
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
plugins/sudoers/iolog.c
View File

@@ -284,6 +284,7 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[],
continue; continue;
} }
if (strncmp(*cur, "cwd=", sizeof("cwd=") - 1) == 0) { if (strncmp(*cur, "cwd=", sizeof("cwd=") - 1) == 0) {
free(evlog->cwd);
evlog->cwd = strdup(*cur + sizeof("cwd=") - 1); evlog->cwd = strdup(*cur + sizeof("cwd=") - 1);
if (evlog->cwd == NULL) if (evlog->cwd == NULL)
goto oom; goto oom;
@@ -292,6 +293,7 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[],
break; break;
case 'h': case 'h':
if (strncmp(*cur, "host=", sizeof("host=") - 1) == 0) { if (strncmp(*cur, "host=", sizeof("host=") - 1) == 0) {
free(evlog->submithost);
evlog->submithost = strdup(*cur + sizeof("host=") - 1); evlog->submithost = strdup(*cur + sizeof("host=") - 1);
if (evlog->submithost == NULL) if (evlog->submithost == NULL)
goto oom; goto oom;
@@ -309,6 +311,7 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[],
break; break;
case 't': case 't':
if (strncmp(*cur, "tty=", sizeof("tty=") - 1) == 0) { if (strncmp(*cur, "tty=", sizeof("tty=") - 1) == 0) {
free(evlog->ttyname);
evlog->ttyname = strdup(*cur + sizeof("tty=") - 1); evlog->ttyname = strdup(*cur + sizeof("tty=") - 1);
if (evlog->ttyname == NULL) if (evlog->ttyname == NULL)
goto oom; goto oom;
@@ -317,6 +320,7 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[],
break; break;
case 'u': case 'u':
if (strncmp(*cur, "user=", sizeof("user=") - 1) == 0) { if (strncmp(*cur, "user=", sizeof("user=") - 1) == 0) {
free(evlog->submituser);
evlog->submituser = strdup(*cur + sizeof("user=") - 1); evlog->submituser = strdup(*cur + sizeof("user=") - 1);
if (evlog->submituser == NULL) if (evlog->submituser == NULL)
goto oom; goto oom;
@@ -330,12 +334,14 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[],
switch (**cur) { switch (**cur) {
case 'c': case 'c':
if (strncmp(*cur, "command=", sizeof("command=") - 1) == 0) { if (strncmp(*cur, "command=", sizeof("command=") - 1) == 0) {
free(evlog->command);
evlog->command = strdup(*cur + sizeof("command=") - 1); evlog->command = strdup(*cur + sizeof("command=") - 1);
if (evlog->command == NULL) if (evlog->command == NULL)
goto oom; goto oom;
continue; continue;
} }
if (strncmp(*cur, "chroot=", sizeof("chroot=") - 1) == 0) { if (strncmp(*cur, "chroot=", sizeof("chroot=") - 1) == 0) {
free(evlog->runchroot);
evlog->runchroot = strdup(*cur + sizeof("chroot=") - 1); evlog->runchroot = strdup(*cur + sizeof("chroot=") - 1);
if (evlog->runchroot == NULL) if (evlog->runchroot == NULL)
goto oom; goto oom;
@@ -349,6 +355,7 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[],
continue; continue;
} }
if (strncmp(*cur, "iolog_path=", sizeof("iolog_path=") - 1) == 0) { if (strncmp(*cur, "iolog_path=", sizeof("iolog_path=") - 1) == 0) {
free(evlog->iolog_path);
evlog->iolog_path = strdup(*cur + sizeof("iolog_path=") - 1); evlog->iolog_path = strdup(*cur + sizeof("iolog_path=") - 1);
if (evlog->iolog_path == NULL) if (evlog->iolog_path == NULL)
goto oom; goto oom;
@@ -459,18 +466,21 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[],
} }
#if defined(HAVE_OPENSSL) #if defined(HAVE_OPENSSL)
if (strncmp(*cur, "log_server_cabundle=", sizeof("log_server_cabundle=") - 1) == 0) { if (strncmp(*cur, "log_server_cabundle=", sizeof("log_server_cabundle=") - 1) == 0) {
free(details->ca_bundle);
details->ca_bundle = strdup(*cur + sizeof("log_server_cabundle=") - 1); details->ca_bundle = strdup(*cur + sizeof("log_server_cabundle=") - 1);
if (details->ca_bundle == NULL) if (details->ca_bundle == NULL)
goto oom; goto oom;
continue; continue;
} }
if (strncmp(*cur, "log_server_peer_cert=", sizeof("log_server_peer_cert=") - 1) == 0) { if (strncmp(*cur, "log_server_peer_cert=", sizeof("log_server_peer_cert=") - 1) == 0) {
free(details->cert_file);
details->cert_file = strdup(*cur + sizeof("log_server_peer_cert=") - 1); details->cert_file = strdup(*cur + sizeof("log_server_peer_cert=") - 1);
if (details->cert_file == NULL) if (details->cert_file == NULL)
goto oom; goto oom;
continue; continue;
} }
if (strncmp(*cur, "log_server_peer_key=", sizeof("log_server_peer_key=") - 1) == 0) { if (strncmp(*cur, "log_server_peer_key=", sizeof("log_server_peer_key=") - 1) == 0) {
free(details->key_file);
details->key_file = strdup(*cur + sizeof("log_server_peer_key=") - 1); details->key_file = strdup(*cur + sizeof("log_server_peer_key=") - 1);
if (details->key_file == NULL) if (details->key_file == NULL)
goto oom; goto oom;
@@ -514,6 +524,7 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[],
continue; continue;
} }
if (strncmp(*cur, "runcwd=", sizeof("runcwd=") - 1) == 0) { if (strncmp(*cur, "runcwd=", sizeof("runcwd=") - 1) == 0) {
free(evlog->runcwd);
evlog->runcwd = strdup(*cur + sizeof("runcwd=") - 1); evlog->runcwd = strdup(*cur + sizeof("runcwd=") - 1);
if (evlog->runcwd == NULL) if (evlog->runcwd == NULL)
goto oom; goto oom;
@@ -559,6 +570,7 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[],
pw = sudo_getpwuid(evlog->runuid); pw = sudo_getpwuid(evlog->runuid);
if (pw != NULL) { if (pw != NULL) {
gid_t pw_gid = pw->pw_gid; gid_t pw_gid = pw->pw_gid;
free(evlog->runuser);
evlog->runuser = strdup(pw->pw_name); evlog->runuser = strdup(pw->pw_name);
sudo_pw_delref(pw); sudo_pw_delref(pw);
if (evlog->runuser == NULL) if (evlog->runuser == NULL)
@@ -566,6 +578,7 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[],
if (evlog->rungid != pw_gid) { if (evlog->rungid != pw_gid) {
gr = sudo_getgrgid(evlog->rungid); gr = sudo_getgrgid(evlog->rungid);
if (gr != NULL) { if (gr != NULL) {
free(evlog->rungroup);
evlog->rungroup = strdup(gr->gr_name); evlog->rungroup = strdup(gr->gr_name);
sudo_gr_delref(gr); sudo_gr_delref(gr);
if (evlog->rungroup == NULL) if (evlog->rungroup == NULL)
@@ -573,6 +586,7 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[],
} else { } else {
idbuf[0] = '#'; idbuf[0] = '#';
strlcpy(&idbuf[1], runas_gid_str, sizeof(idbuf) - 1); strlcpy(&idbuf[1], runas_gid_str, sizeof(idbuf) - 1);
free(evlog->rungroup);
evlog->rungroup = strdup(idbuf); evlog->rungroup = strdup(idbuf);
if (evlog->rungroup == NULL) if (evlog->rungroup == NULL)
goto oom; goto oom;
@@ -581,6 +595,7 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[],
} else { } else {
idbuf[0] = '#'; idbuf[0] = '#';
strlcpy(&idbuf[1], runas_uid_str, sizeof(idbuf) - 1); strlcpy(&idbuf[1], runas_uid_str, sizeof(idbuf) - 1);
free(evlog->runuser);
evlog->runuser = strdup(idbuf); evlog->runuser = strdup(idbuf);
if (evlog->runuser == NULL) if (evlog->runuser == NULL)
goto oom; goto oom;