git.ipfire.org Git - thirdparty/vim.git/commit

author	Christian Brabandt <cb@256bit.org>
	Sun, 24 Mar 2024 08:50:03 +0000 (09:50 +0100)
committer	Christian Brabandt <cb@256bit.org>
	Sun, 24 Mar 2024 08:50:03 +0000 (09:50 +0100)
commit	7a2f217988afa1c35b9c093a9d3477198ea250b9
tree	d38ef0a4c5ed0b563bd4820693b982f0ed58027a	tree
parent	366c81a2005370ac738618d889ec0337397a9f96	commit \| diff

patch 9.1.0202: leaking memory in add_user() on failure

Problem: leaking memory in add_user() (LuMingYinDetect)
Solution: free user_copy pointer instead of the user ptr

add_user() is called with a user pointer and the user pointer comes
from these functions:
- return value from the getpwent() function (Unix).
- return value from the getpwnam() function (Unix).
- return value from the NetUserEnum() function (MS Windows).

For the first 2 callers, the man page for those functions directly says,
one should not free the returned pointer (since it comes from static
memory).
For the third caller (on MS Windows), the returned buffer is already
freed directly after calling the add_user() function in
NetApiBufferFree(), so this would lead to a double free().

This all indicates, the user ptr is wrongly freed in the add_user()
function and the intention was to free the user_copy pointer instead in
case of an error.

So let's just use that now.

fixes: #14250
closes: #14260

Signed-off-by: Christian Brabandt <cb@256bit.org>

src/misc1.c		diff \| blob \| blame \| history
src/version.c		diff \| blob \| blame \| history