101 lines
3.7 KiB
Diff
101 lines
3.7 KiB
Diff
From 19c2c641e669ee1c08d6706c132625dc30e64609 Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Tue, 12 Jan 2021 16:40:56 +0100
|
|
Subject: [PATCH] simple: fix memory leak while reloading lists
|
|
|
|
The simple access provider will reload the access and deny lists at
|
|
runtime to make sure that users and groups from domains which are
|
|
discovered at runtime are properly processed.
|
|
|
|
While reloading the lists the original lists are not freed and an
|
|
intermediate list wasn't removed as well.
|
|
|
|
Resolves: https://github.com/SSSD/sssd/issues/5456
|
|
|
|
:fixes: Memory leak in the simple access provider
|
|
|
|
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
|
---
|
|
src/providers/simple/simple_access.c | 28 +++++++++++++++++++++-------
|
|
1 file changed, 21 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/src/providers/simple/simple_access.c b/src/providers/simple/simple_access.c
|
|
index 1868569b1..49226adf2 100644
|
|
--- a/src/providers/simple/simple_access.c
|
|
+++ b/src/providers/simple/simple_access.c
|
|
@@ -117,17 +117,13 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
|
|
const char *name;
|
|
const char *option;
|
|
char **orig_list;
|
|
- char ***ctx_list;
|
|
+ char **ctx_list;
|
|
} lists[] = {{"Allow users", CONFDB_SIMPLE_ALLOW_USERS, NULL, NULL},
|
|
{"Deny users", CONFDB_SIMPLE_DENY_USERS, NULL, NULL},
|
|
{"Allow groups", CONFDB_SIMPLE_ALLOW_GROUPS, NULL, NULL},
|
|
{"Deny groups", CONFDB_SIMPLE_DENY_GROUPS, NULL, NULL},
|
|
{NULL, NULL, NULL, NULL}};
|
|
|
|
- lists[0].ctx_list = &ctx->allow_users;
|
|
- lists[1].ctx_list = &ctx->deny_users;
|
|
- lists[2].ctx_list = &ctx->allow_groups;
|
|
- lists[3].ctx_list = &ctx->deny_groups;
|
|
|
|
ret = sysdb_master_domain_update(bectx->domain);
|
|
if (ret != EOK) {
|
|
@@ -141,7 +137,6 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
|
|
lists[i].option, &lists[i].orig_list);
|
|
if (ret == ENOENT) {
|
|
DEBUG(SSSDBG_FUNC_DATA, "%s list is empty.\n", lists[i].name);
|
|
- *lists[i].ctx_list = NULL;
|
|
continue;
|
|
} else if (ret != EOK) {
|
|
DEBUG(SSSDBG_CRIT_FAILURE, "confdb_get_string_as_list failed.\n");
|
|
@@ -149,7 +144,8 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
|
|
}
|
|
|
|
ret = simple_access_parse_names(ctx, bectx, lists[i].orig_list,
|
|
- lists[i].ctx_list);
|
|
+ &lists[i].ctx_list);
|
|
+ talloc_free(lists[i].orig_list);
|
|
if (ret != EOK) {
|
|
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse %s list [%d]: %s\n",
|
|
lists[i].name, ret, sss_strerror(ret));
|
|
@@ -157,6 +153,18 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
|
|
}
|
|
}
|
|
|
|
+ talloc_free(ctx->allow_users);
|
|
+ ctx->allow_users = talloc_steal(ctx, lists[0].ctx_list);
|
|
+
|
|
+ talloc_free(ctx->deny_users);
|
|
+ ctx->deny_users = talloc_steal(ctx, lists[1].ctx_list);
|
|
+
|
|
+ talloc_free(ctx->allow_groups);
|
|
+ ctx->allow_groups = talloc_steal(ctx, lists[2].ctx_list);
|
|
+
|
|
+ talloc_free(ctx->deny_groups);
|
|
+ ctx->deny_groups = talloc_steal(ctx, lists[3].ctx_list);
|
|
+
|
|
if (!ctx->allow_users &&
|
|
!ctx->allow_groups &&
|
|
!ctx->deny_users &&
|
|
@@ -165,9 +173,15 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
|
|
"No rules supplied for simple access provider. "
|
|
"Access will be granted for all users.\n");
|
|
}
|
|
+
|
|
+
|
|
return EOK;
|
|
|
|
failed:
|
|
+ for (i = 0; lists[i].name != NULL; i++) {
|
|
+ talloc_free(lists[i].ctx_list);
|
|
+ }
|
|
+
|
|
return ret;
|
|
}
|
|
|
|
--
|
|
2.21.3
|
|
|