43 lines
1.3 KiB
Diff
43 lines
1.3 KiB
Diff
From 569bd1d54f4be070d4ac88042586d9334343702d Mon Sep 17 00:00:00 2001
|
|
From: ikerexxe <ipedrosa@redhat.com>
|
|
Date: Tue, 27 Oct 2020 11:35:53 +0100
|
|
Subject: [PATCH] useradd: free grp to avoid leak
|
|
|
|
covscan issue:
|
|
Error: RESOURCE_LEAK (CWE-772): [#def39] [important]
|
|
src/useradd.c:728: alloc_fn: Storage is returned from allocation function "get_local_group".
|
|
src/useradd.c:728: var_assign: Assigning: "grp" = storage returned from "get_local_group(list)".
|
|
src/useradd.c:728: overwrite_var: Overwriting "grp" in "grp = get_local_group(list)" leaks the storage that "grp" points to.
|
|
726| * GID values, otherwise the string is looked up as is.
|
|
727| */
|
|
728|-> grp = get_local_group (list);
|
|
729|
|
|
730| /*
|
|
---
|
|
src/useradd.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/useradd.c b/src/useradd.c
|
|
index 3544acd0..107e65f8 100644
|
|
--- a/src/useradd.c
|
|
+++ b/src/useradd.c
|
|
@@ -729,7 +729,7 @@ static int set_defaults (void)
|
|
static int get_groups (char *list)
|
|
{
|
|
char *cp;
|
|
- const struct group *grp;
|
|
+ struct group *grp;
|
|
int errors = 0;
|
|
int ngroups = 0;
|
|
|
|
@@ -808,6 +808,7 @@ static int get_groups (char *list)
|
|
* Add the group name to the user's list of groups.
|
|
*/
|
|
user_groups[ngroups++] = xstrdup (grp->gr_name);
|
|
+ free (grp);
|
|
} while (NULL != list);
|
|
|
|
user_groups[ngroups] = (char *) 0;
|
|
--
|
|
|