From 22a01410bdac0ead284e0611b7814a56973a860a Mon Sep 17 00:00:00 2001
|
|
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
|
|
Date: Thu, 24 Feb 2022 07:56:38 -0700
|
|
Subject: [PATCH] sudo_ldap_parse_options: fix memory leak of sudoRole cn
|
|
string. Coverity CID 249976
|
|
|
|
---
|
|
plugins/sudoers/ldap.c | 41 ++++++++++++++++++-----------------------
|
|
1 file changed, 18 insertions(+), 23 deletions(-)
|
|
|
|
diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
|
|
index e3c47b9bc..13e74160b 100644
|
|
--- a/plugins/sudoers/ldap.c
|
|
+++ b/plugins/sudoers/ldap.c
|
|
@@ -421,38 +421,31 @@ sudo_ldap_get_first_rdn(LDAP *ld, LDAPMessage *entry, int *rc)
|
|
static bool
|
|
sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry, struct defaults_list *defs)
|
|
{
|
|
- struct berval **bv, **p;
|
|
- char *cn, *cp, *source = NULL;
|
|
+ struct berval **p, **bv = NULL;
|
|
+ char *cp, *cn = NULL, *source = NULL;
|
|
bool ret = false;
|
|
int rc;
|
|
debug_decl(sudo_ldap_parse_options, SUDOERS_DEBUG_LDAP);
|
|
|
|
bv = sudo_ldap_get_values_len(ld, entry, "sudoOption", &rc);
|
|
if (bv == NULL) {
|
|
- if (rc == LDAP_NO_MEMORY) {
|
|
- sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
|
- debug_return_bool(false);
|
|
- }
|
|
+ if (rc == LDAP_NO_MEMORY)
|
|
+ goto oom;
|
|
debug_return_bool(true);
|
|
}
|
|
|
|
/* Use sudoRole in place of file name in defaults. */
|
|
cn = sudo_ldap_get_first_rdn(ld, entry, &rc);
|
|
if (cn == NULL) {
|
|
- if (rc == LDAP_NO_MEMORY) {
|
|
- sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
|
- goto done;
|
|
- }
|
|
- }
|
|
- if (asprintf(&cp, "sudoRole %s", cn ? cn : "UNKNOWN") == -1) {
|
|
- sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
|
- goto done;
|
|
- }
|
|
- if ((source = sudo_rcstr_dup(cp)) == NULL) {
|
|
- sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
|
- free(cp);
|
|
- goto done;
|
|
+ if (rc == LDAP_NO_MEMORY)
|
|
+ goto oom;
|
|
}
|
|
+ if (asprintf(&cp, "sudoRole %s", cn ? cn : "UNKNOWN") == -1)
|
|
+ goto oom;
|
|
+ source = sudo_rcstr_dup(cp);
|
|
+ free(cp);
|
|
+ if (source == NULL)
|
|
+ goto oom;
|
|
|
|
/* Walk through options, appending to defs. */
|
|
for (p = bv; *p != NULL; p++) {
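Review bot: The first `goto oom` (`bv == NULL` with `LDAP_NO_MEMORY`) now runs the shared cleanup where the old code returned directly, so every call after `done:` is reached with `bv`, `cn` and `source` all NULL. The added `= NULL` initializers keep those reads defined, but only `sudo_rcstr_delref(source)` is visible on this page. The remaining cleanup, including whatever releases `cn`, lies past the end of the diff and should be checked for NULL tolerance. A short comment on the declarations would record the dependency: `/* bv, cn and source start NULL: the oom/done cleanup runs on every error path */`.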
|
|
@@ -460,13 +453,15 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry, struct defaults_list *defs
|
|
int op;
|
|
|
|
op = sudo_ldap_parse_option((*p)->bv_val, &var, &val);
|
|
- if (!append_default(var, val, op, source, defs)) {
|
|
- sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
|
- goto done;
|
|
- }
|
|
+ if (!append_default(var, val, op, source, defs))
|
|
+ goto oom;
|
|
}
|
|
|
|
ret = true;
|
|
+ goto done;
|
|
+
|
|
+oom:
|
|
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
|
|
|
done:
|
|
sudo_rcstr_delref(source);
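Review bot: When `append_default` fails partway through the loop, the options appended by earlier iterations remain in `defs` while the function returns false; the diff does not show whether the caller discards the list in that case. If it does not, a sudoRole's sudoOption set could take effect only in part, which is worth ruling out for a policy parser. If discarding is the intended contract, stating it at the `oom:` label would help: `/* defs may be partially filled here; caller must discard it on false */`. The start of the loop body and the cleanup after `done:` are outside this hunk.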
|
|
--
|
|
2.33.0
|
|
|