[SSSD] [sssd PR#5731][opened] simple: fix memory leak while reloading lists - 1.16

Sun, 01 Aug 2021 04:03:10 -0700 

   URL: https://github.com/SSSD/sssd/pull/5731
Author: sumit-bose
 Title: #5731: simple: fix memory leak while reloading lists - 1.16
Action: opened

PR body:
"""
The simple access provider will reload the access and deny lists at
runtime to make sure that users and groups from domains which are
discovered at runtime are properly processed.

While reloading the lists the original lists are not freed and an
intermediate list wasn't removed as well.

Resolves: https://github.com/SSSD/sssd/issues/5456

:fixes: Memory leak in the simple access provider

(cherry picked from commit d16e0b6a835b6d40f98a7d8c59b6baf014cc80a1)
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5731/head:pr5731
git checkout pr5731

From ddb2216a6d0c104bd0b37a8127b3cc9862345a58 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Tue, 12 Jan 2021 16:40:56 +0100
Subject: [PATCH] simple: fix memory leak while reloading lists

The simple access provider will reload the access and deny lists at
runtime to make sure that users and groups from domains which are
discovered at runtime are properly processed.

While reloading the lists the original lists are not freed and an
intermediate list wasn't removed as well.

Resolves: https://github.com/SSSD/sssd/issues/5456

:fixes: Memory leak in the simple access provider

(cherry picked from commit d16e0b6a835b6d40f98a7d8c59b6baf014cc80a1)
---
 src/providers/simple/simple_access.c | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/src/providers/simple/simple_access.c b/src/providers/simple/simple_access.c
index 1868569b10..49226adf22 100644
--- a/src/providers/simple/simple_access.c
+++ b/src/providers/simple/simple_access.c
@@ -117,17 +117,13 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
         const char *name;
         const char *option;
         char **orig_list;
-        char ***ctx_list;
+        char **ctx_list;
     } lists[] = {{"Allow users", CONFDB_SIMPLE_ALLOW_USERS, NULL, NULL},
                  {"Deny users", CONFDB_SIMPLE_DENY_USERS, NULL, NULL},
                  {"Allow groups", CONFDB_SIMPLE_ALLOW_GROUPS, NULL, NULL},
                  {"Deny groups", CONFDB_SIMPLE_DENY_GROUPS, NULL, NULL},
                  {NULL, NULL, NULL, NULL}};
 
-    lists[0].ctx_list = &ctx->allow_users;
-    lists[1].ctx_list = &ctx->deny_users;
-    lists[2].ctx_list = &ctx->allow_groups;
-    lists[3].ctx_list = &ctx->deny_groups;
 
     ret = sysdb_master_domain_update(bectx->domain);
     if (ret != EOK) {
@@ -141,7 +137,6 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
                                         lists[i].option, &lists[i].orig_list);
         if (ret == ENOENT) {
             DEBUG(SSSDBG_FUNC_DATA, "%s list is empty.\n", lists[i].name);
-            *lists[i].ctx_list = NULL;
             continue;
         } else if (ret != EOK) {
             DEBUG(SSSDBG_CRIT_FAILURE, "confdb_get_string_as_list failed.\n");
@@ -149,7 +144,8 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
         }
 
         ret = simple_access_parse_names(ctx, bectx, lists[i].orig_list,
-                                        lists[i].ctx_list);
+                                        &lists[i].ctx_list);
+        talloc_free(lists[i].orig_list);
         if (ret != EOK) {
             DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse %s list [%d]: %s\n",
                                         lists[i].name, ret, sss_strerror(ret));
@@ -157,6 +153,18 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
         }
     }
 
+    talloc_free(ctx->allow_users);
+    ctx->allow_users = talloc_steal(ctx, lists[0].ctx_list);
+
+    talloc_free(ctx->deny_users);
+    ctx->deny_users = talloc_steal(ctx, lists[1].ctx_list);
+
+    talloc_free(ctx->allow_groups);
+    ctx->allow_groups = talloc_steal(ctx, lists[2].ctx_list);
+
+    talloc_free(ctx->deny_groups);
+    ctx->deny_groups = talloc_steal(ctx, lists[3].ctx_list);
+
     if (!ctx->allow_users &&
             !ctx->allow_groups &&
             !ctx->deny_users &&
@@ -165,9 +173,15 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
               "No rules supplied for simple access provider. "
                "Access will be granted for all users.\n");
     }
+
+
     return EOK;
 
 failed:
+    for (i = 0; lists[i].name != NULL; i++) {
+        talloc_free(lists[i].ctx_list);
+    }
+
     return ret;
 }
 

_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to