BUG/MINOR: auth: Fix a leak on error path when parsing user's groups
authorChristopher Faulet <cfaulet@haproxy.com>
Thu, 6 Feb 2025 15:52:17 +0000 (16:52 +0100)
committerChristopher Faulet <cfaulet@haproxy.com>
Thu, 6 Feb 2025 15:55:37 +0000 (16:55 +0100)
In a userlist section, when a user is parsed, if a specified group is not
found, an error is reported. In this case we must take care to release the
already built groups list.

It was reported by Coverity in #2841: CID 1587770.

This patch could be backported to all stable versions.

src/auth.c

index 0031300bc58dd42c6b01246a72855e8b3e3111da..92f5bc2baf8161f03185f322bdccf7963f747ef3 100644 (file)
@@ -147,7 +147,11 @@ int userlist_postinit()
                                if (!ag) {
                                        ha_alert("userlist '%s': no such group '%s' specified in user '%s'\n",
                                                 curuserlist->name, group, curuser->user);
-                                       free(groups);
+                                       while (groups) {
+                                               grl = groups;
+                                               groups = groups->next;
+                                               free(grl);
+                                       }
                                        return ERR_ALERT | ERR_FATAL;
                                }
 
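Review bot: The five-line release loop is duplicated verbatim in both error branches of userlist_postinit(), the `!ag` branch here and the `!grl` allocation-failure branch in the next hunk, so a later change to how list nodes are freed has to be made in two places. Moving it into one small static helper, or a single cleanup label that both branches jump to, would leave each branch with one line such as `free_groups_list(groups);` (helper name is illustrative, not from the tree). The loop also reuses `grl` as its scratch pointer; that is safe because both branches return immediately afterwards, but a loop-local temporary would make it obvious that no live node pointer is being overwritten. The enclosing function starts and ends outside the hunk, so whether any other exit path needs the same release cannot be judged from here.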
@@ -156,7 +160,11 @@ int userlist_postinit()
                                if (!grl) {
                                        ha_alert("userlist '%s': no more memory when trying to allocate the user groups.\n",
                                                 curuserlist->name);
-                                       free(groups);
+                                       while (groups) {
+                                               grl = groups;
+                                               groups = groups->next;
+                                               free(grl);
+                                       }
                                        return ERR_ALERT | ERR_FATAL;
                                }