URL: https://github.com/SSSD/sssd/pull/5731 Author: sumit-bose Title: #5731: simple: fix memory leak while reloading lists - 1.16 Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5731/head:pr5731 git checkout pr5731
From e03b120567446220b7903907147ff27b3dfeca7a Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Tue, 12 Jan 2021 16:40:56 +0100 Subject: [PATCH] simple: fix memory leak while reloading lists The simple access provider will reload the access and deny lists at runtime to make sure that users and groups from domains which are discovered at runtime are properly processed. While reloading the lists the original lists are not freed and an intermediate list wasn't removed as well. Resolves: https://github.com/SSSD/sssd/issues/5456 :fixes: Memory leak in the simple access provider Reviewed-by: Alexey Tikhonov <atikh...@redhat.com> (cherry picked from commit 19c2c641e669ee1c08d6706c132625dc30e64609) --- src/providers/simple/simple_access.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/src/providers/simple/simple_access.c b/src/providers/simple/simple_access.c index 1868569b10..49226adf22 100644 --- a/src/providers/simple/simple_access.c +++ b/src/providers/simple/simple_access.c @@ -117,17 +117,13 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx) const char *name; const char *option; char **orig_list; - char ***ctx_list; + char **ctx_list; } lists[] = {{"Allow users", CONFDB_SIMPLE_ALLOW_USERS, NULL, NULL}, {"Deny users", CONFDB_SIMPLE_DENY_USERS, NULL, NULL}, {"Allow groups", CONFDB_SIMPLE_ALLOW_GROUPS, NULL, NULL}, {"Deny groups", CONFDB_SIMPLE_DENY_GROUPS, NULL, NULL}, {NULL, NULL, NULL, NULL}}; - lists[0].ctx_list = &ctx->allow_users; - lists[1].ctx_list = &ctx->deny_users; - lists[2].ctx_list = &ctx->allow_groups; - lists[3].ctx_list = &ctx->deny_groups; ret = sysdb_master_domain_update(bectx->domain); if (ret != EOK) { @@ -141,7 +137,6 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx) lists[i].option, &lists[i].orig_list); if (ret == ENOENT) { DEBUG(SSSDBG_FUNC_DATA, "%s list is empty.\n", lists[i].name); - *lists[i].ctx_list = NULL; continue; } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "confdb_get_string_as_list failed.\n"); @@ -149,7 +144,8 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx) } ret = simple_access_parse_names(ctx, bectx, lists[i].orig_list, - lists[i].ctx_list); + &lists[i].ctx_list); + talloc_free(lists[i].orig_list); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse %s list [%d]: %s\n", lists[i].name, ret, sss_strerror(ret)); @@ -157,6 +153,18 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx) } } + talloc_free(ctx->allow_users); + ctx->allow_users = talloc_steal(ctx, lists[0].ctx_list); + + talloc_free(ctx->deny_users); + ctx->deny_users = talloc_steal(ctx, lists[1].ctx_list); + + talloc_free(ctx->allow_groups); + ctx->allow_groups = talloc_steal(ctx, lists[2].ctx_list); + + talloc_free(ctx->deny_groups); + ctx->deny_groups = talloc_steal(ctx, lists[3].ctx_list); + if (!ctx->allow_users && !ctx->allow_groups && !ctx->deny_users && @@ -165,9 +173,15 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx) "No rules supplied for simple access provider. " "Access will be granted for all users.\n"); } + + return EOK; failed: + for (i = 0; lists[i].name != NULL; i++) { + talloc_free(lists[i].ctx_list); + } + return ret; }
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
