conf: avoid double-frees in userns_exec_1()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 208c5ca0d35233c0faa71c38827b29289e84c3fc..f5357d51bf6261b43267357fefccfd4723725a1e 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -4837,17 +4837,16 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data)
                goto on_error;
        }
 
+       host_uid_map = container_root_uid;
+       host_gid_map = container_root_gid;
+
        /* Check whether the {g,u}id of the user has a mapping. */
        euid = geteuid();
        egid = getegid();
-       if (euid == container_root_uid->hostid)
-               host_uid_map = container_root_uid;
-       else
+       if (euid != container_root_uid->hostid)
                host_uid_map = idmap_add(conf, euid, ID_TYPE_UID);
 
-       if (egid == container_root_gid->hostid)
-               host_gid_map = container_root_gid;
-       else
+       if (egid != container_root_gid->hostid)
                host_gid_map = idmap_add(conf, egid, ID_TYPE_GID);
 
        if (!host_uid_map) {
@@ -4873,7 +4872,7 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data)
        lxc_list_add_elem(tmplist, container_root_uid);
        lxc_list_add_tail(idmap, tmplist);
 
-       if (host_uid_map != container_root_uid) {
+       if (host_uid_map && (host_uid_map != container_root_uid)) {
                /* idmap will now keep track of that memory. */
                container_root_uid = NULL;
 
@@ -4883,9 +4882,11 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data)
                        goto on_error;
                lxc_list_add_elem(tmplist, host_uid_map);
                lxc_list_add_tail(idmap, tmplist);
-               /* idmap will now keep track of that memory. */
-               host_uid_map = NULL;
        }
+       /* idmap will now keep track of that memory. */
+       container_root_uid = NULL;
+       /* idmap will now keep track of that memory. */
+       host_uid_map = NULL;
 
        tmplist = malloc(sizeof(*tmplist));
        if (!tmplist)
@@ -4893,7 +4894,7 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data)
        lxc_list_add_elem(tmplist, container_root_gid);
        lxc_list_add_tail(idmap, tmplist);
 
-       if (host_gid_map != container_root_gid) {
+       if (host_gid_map && (host_gid_map != container_root_gid)) {
                /* idmap will now keep track of that memory. */
                container_root_gid = NULL;
 
@@ -4902,9 +4903,11 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data)
                        goto on_error;
                lxc_list_add_elem(tmplist, host_gid_map);
                lxc_list_add_tail(idmap, tmplist);
-               /* idmap will now keep track of that memory. */
-               host_gid_map = NULL;
        }
+       /* idmap will now keep track of that memory. */
+       container_root_gid = NULL;
+       /* idmap will now keep track of that memory. */
+       host_gid_map = NULL;
 
        if (lxc_log_get_level() == LXC_LOG_PRIORITY_TRACE ||
            conf->loglevel == LXC_LOG_PRIORITY_TRACE) {
@@ -4937,11 +4940,16 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data)
        ret = wait_for_pid(pid);
 
 on_error:
-       lxc_free_idmap(idmap);
-       free(container_root_uid);
-       free(container_root_gid);
-       free(host_uid_map);
-       free(host_gid_map);
+       if (idmap)
+               lxc_free_idmap(idmap);
+       if (container_root_uid)
+               free(container_root_uid);
+       if (container_root_gid)
+               free(container_root_gid);
+       if (host_uid_map && (host_uid_map != container_root_uid))
+               free(host_uid_map);
+       if (host_gid_map && (host_gid_map != container_root_gid))
+               free(host_gid_map);
 
        if (p[0] != -1)
                close(p[0]);