upstream: fix leak of CanonicalizePermittedCNAMEs on error path;

spotted by Coverity (CID 438039) OpenBSD-Commit-ID: 208839699939721f452a4418afc028a9f9d3d8af
2024-03-04 04:13:18 +00:00 · 2024-03-04 04:13:18 +00:00 · 3deb501f86
parent 65a44a8a4f
commit 3deb501f86
1 changed files with 19 additions and 7 deletions
--- a/readconf.c
+++ b/readconf.c
@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.385 2024/03/04 02:16:11 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.386 2024/03/04 04:13:18 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -890,6 +890,20 @@ parse_token(const char *cp, const char *filename, int linenum,
 	return oBadOption;
 }

+static void
+free_canon_cnames(struct allowed_cname *cnames, u_int n)
+{
+	u_int i;
+
+	if (cnames == NULL || n == 0)
+		return;
+	for (i = 0; i < n; i++) {
+		free(cnames[i].source_list);
+		free(cnames[i].target_list);
+	}
+	free(cnames);
+}
+
 /* Multistate option parsing */
 struct multistate {
 	char *key;
@ -2160,13 +2174,10 @@ parse_pubkey_algos:
 		if (found && *activep) {
 			options->permitted_cnames = cnames;
 			options->num_permitted_cnames = ncnames;
-		} else {
-			for (i = 0; i < ncnames; i++) {
-				free(cnames[i].source_list);
-				free(cnames[i].target_list);
-			}
-			free(cnames);
+			cnames = NULL; /* transferred */
+			ncnames = 0;
 		}
+		/* un-transferred cnames is cleaned up before exit */
 		break;

 	case oCanonicalizeHostname:
@ -2405,6 +2416,7 @@ parse_pubkey_algos:
 	/* success */
 	ret = 0;
 out:
+	free_canon_cnames(cnames, ncnames);
 	opt_array_free2(strs, NULL, nstrs);
 	argv_free(oav, oac);
 	return ret;