Free existing contents of struct eventlog before overwriting.

millert · millert · commit ce0ec8ddca9e · 2025-03-31T20:11:34.000-06:00
In the unlikely event that there are duplicate keys in info_msgs,
free the old string before overwriting with the new one.
diff --git a/logsrvd/iolog_writer.c b/logsrvd/iolog_writer.c
@@ -113,6 +113,20 @@ strlist_copy(InfoMessage__StringList *strlist)
     debug_return_ptr(NULL);
 }
 
+/*
+ * Free a NULL-terminated string vector.
+ */
+static void
+strvec_free(char *vec[])
+{
+    if (vec != NULL) {
+	char **vp;
+	for (vp = vec; *vp != NULL; vp++)
+	    free(*vp);
+	free(vec);
+    }
+}
+
 /*
  * Fill in eventlog details from an AcceptMessage
  * Caller is responsible for freeing strings in struct eventlog.
@@ -180,6 +194,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	    }
 	    if (strcmp(key, "command") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
+		    free(evlog->command);
 		    if ((evlog->command = strdup(info->u.strval)) == NULL) {
 			sudo_warnx(U_("%s: %s"), __func__,
 			    U_("unable to allocate memory"));
@@ -205,6 +220,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	case 'r':
 	    if (strcmp(key, "runargv") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRLISTVAL)) {
+		    strvec_free(evlog->runargv);
 		    evlog->runargv = strlist_copy(info->u.strlistval);
 		    if (evlog->runargv == NULL)
 			goto bad;
@@ -213,6 +229,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	    }
 	    if (strcmp(key, "runchroot") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
+		    free(evlog->runchroot);
 		    if ((evlog->runchroot = strdup(info->u.strval)) == NULL) {
 			sudo_warnx(U_("%s: %s"), __func__,
 			    U_("unable to allocate memory"));
@@ -223,6 +240,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	    }
 	    if (strcmp(key, "runcwd") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
+		    free(evlog->runcwd);
 		    if ((evlog->runcwd = strdup(info->u.strval)) == NULL) {
 			sudo_warnx(U_("%s: %s"), __func__,
 			    U_("unable to allocate memory"));
@@ -233,6 +251,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	    }
 	    if (strcmp(key, "runenv") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRLISTVAL)) {
+		    strvec_free(evlog->runenv);
 		    evlog->runenv = strlist_copy(info->u.strlistval);
 		    if (evlog->runenv == NULL)
 			goto bad;
@@ -252,6 +271,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	    }
 	    if (strcmp(key, "rungroup") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
+		    free(evlog->rungroup);
 		    if ((evlog->rungroup = strdup(info->u.strval)) == NULL) {
 			sudo_warnx(U_("%s: %s"), __func__,
 			    U_("unable to allocate memory"));
@@ -273,6 +293,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	    }
 	    if (strcmp(key, "runuser") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
+		    free(evlog->runuser);
 		    if ((evlog->runuser = strdup(info->u.strval)) == NULL) {
 			sudo_warnx(U_("%s: %s"), __func__,
 			    U_("unable to allocate memory"));
@@ -285,6 +306,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	case 's':
 	    if (strcmp(key, "source") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
+		    free(evlog->source);
 		    if ((evlog->source = strdup(info->u.strval)) == NULL) {
 			sudo_warnx(U_("%s: %s"), __func__,
 			    U_("unable to allocate memory"));
@@ -295,6 +317,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	    }
 	    if (strcmp(key, "submitcwd") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
+		    free(evlog->cwd);
 		    if ((evlog->cwd = strdup(info->u.strval)) == NULL) {
 			sudo_warnx(U_("%s: %s"), __func__,
 			    U_("unable to allocate memory"));
@@ -305,6 +328,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	    }
 	    if (strcmp(key, "submitenv") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRLISTVAL)) {
+		    strvec_free(evlog->submitenv);
 		    evlog->submitenv = strlist_copy(info->u.strlistval);
 		    if (evlog->submitenv == NULL)
 			goto bad;
@@ -313,6 +337,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	    }
 	    if (strcmp(key, "submitgroup") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
+		    free(evlog->submitgroup);
 		    if ((evlog->submitgroup = strdup(info->u.strval)) == NULL) {
 			sudo_warnx(U_("%s: %s"), __func__,
 			    U_("unable to allocate memory"));
@@ -323,6 +348,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	    }
 	    if (strcmp(key, "submithost") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
+		    free(evlog->submithost);
 		    if ((evlog->submithost = strdup(info->u.strval)) == NULL) {
 			sudo_warnx(U_("%s: %s"), __func__,
 			    U_("unable to allocate memory"));
@@ -333,6 +359,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	    }
 	    if (strcmp(key, "submituser") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
+		    free(evlog->submituser);
 		    if ((evlog->submituser = strdup(info->u.strval)) == NULL) {
 			sudo_warnx(U_("%s: %s"), __func__,
 			    U_("unable to allocate memory"));
@@ -345,6 +372,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	case 't':
 	    if (strcmp(key, "ttyname") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
+		    free(evlog->ttyname);
 		    if ((evlog->ttyname = strdup(info->u.strval)) == NULL) {
 			sudo_warnx(U_("%s: %s"), __func__,
 			    U_("unable to allocate memory"));
diff --git a/logsrvd/logsrvd_local.c b/logsrvd/logsrvd_local.c
@@ -210,6 +210,7 @@ store_accept_local(AcceptMessage *msg, uint8_t *buf, size_t len,
 	}
     } else if (closure->log_io) {
 	/* Sub-command from an existing session, set iolog and offset. */
+	free(evlog->iolog_path);
 	evlog->iolog_path = strdup(closure->evlog->iolog_path);
 	if (evlog->iolog_path == NULL) {
 	    sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
@@ -273,6 +274,7 @@ store_reject_local(RejectMessage *msg, uint8_t *buf, size_t len,
 	closure->evlog = evlog;
     } else if (closure->log_io) {
 	/* Sub-command from an existing session, set iolog and offset. */
+	free(evlog->iolog_path);
 	evlog->iolog_path = strdup(closure->evlog->iolog_path);
 	if (evlog->iolog_path == NULL) {
 	    sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
@@ -412,6 +414,7 @@ store_exit_local(ExitMessage *msg, uint8_t *buf, size_t len,
 	sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
 	    "command was killed by SIG%s%s", msg->signal,
 	    msg->dumped_core ? " (core dumped)" : "");
+	free(evlog->signal_name);
 	evlog->signal_name = strdup(msg->signal);
 	if (evlog->signal_name == NULL) {
 	    closure->errstr = _("unable to allocate memory");
diff --git a/plugins/audit_json/audit_json.c b/plugins/audit_json/audit_json.c
@@ -141,6 +141,7 @@ audit_json_open(unsigned int version, sudo_conv_t conversation,
     if (plugin_options != NULL) {
 	for (cur = plugin_options; (cp = *cur) != NULL; cur++) {
 	    if (strncmp(cp, "logfile=", sizeof("logfile=") - 1) == 0) {
+		free(state.logfile);
 		state.logfile = strdup(cp + sizeof("logfile=") - 1);
 		if (state.logfile == NULL)
 		    goto oom;
