From: Alejandro Colomar Date: Thu, 16 May 2024 11:54:06 +0000 (+0200) Subject: src/usermod.c: update_group_file(): Fix RESOURCE_LEAK (CWE-772) X-Git-Tag: 4.15.2~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=61964aa06b9e6e0643a6519f64290f18ac04867f;p=thirdparty%2Fshadow.git src/usermod.c: update_group_file(): Fix RESOURCE_LEAK (CWE-772) Report: > shadow-4.15.0/src/usermod.c:734:3: alloc_fn: Storage is returned from allocation function "__gr_dup". > shadow-4.15.0/src/usermod.c:734:3: var_assign: Assigning: "ngrp" = storage returned from "__gr_dup(grp)". > shadow-4.15.0/src/usermod.c:815:1: leaked_storage: Variable "ngrp" going out of scope leaks the storage it points to. > 813| gr_free(ngrp); > 814| } > 815|-> } > 816| > 817| #ifdef SHADOWGRP Link: https://issues.redhat.com/browse/RHEL-35383 Reported-by: Iker Pedrosa Signed-off-by: Alejandro Colomar --- diff --git a/src/usermod.c b/src/usermod.c index 3048f8013..e0cfdd837 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -780,9 +780,8 @@ update_group_file(void) SYSLOG ((LOG_INFO, "add '%s' to group '%s'", user_newname, ngrp->gr_name)); } - if (!changed) { - continue; - } + if (!changed) + goto free_ngrp; changed = false; if (gr_update (ngrp) == 0) { @@ -793,6 +792,7 @@ update_group_file(void) fail_exit (E_GRP_UPDATE); } +free_ngrp: gr_free(ngrp); } }
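Review bot: The new `if (!changed)` in the first hunk guards `goto free_ngrp;` without braces, while the neighbouring `if (gr_update (ngrp) == 0) {` in the same hunk is braced; an unbraced jump to a cleanup label is easy to break when a second statement is later added under it, so I would keep `if (!changed) {` / `goto free_ngrp;` / `}`. The `free_ngrp:` label added in the second hunk would also benefit from a one-line comment such as `/* ngrp comes from __gr_dup() and is released on every iteration, updated or not */`, since that ownership rule is what the quoted report was about. The loop body of update_group_file() starts above the hunk, so it is worth checking for any other `continue` between the `__gr_dup(grp)` call and this check, which would leak in the same way. The `fail_exit (E_GRP_UPDATE)` path also skips gr_free(), which is presumably acceptable only because it terminates the process.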