From 569bd1d54f4be070d4ac88042586d9334343702d Mon Sep 17 00:00:00 2001 From: ikerexxe Date: Tue, 27 Oct 2020 11:35:53 +0100 Subject: [PATCH] useradd: free grp to avoid leak covscan issue: Error: RESOURCE_LEAK (CWE-772): [#def39] [important] src/useradd.c:728: alloc_fn: Storage is returned from allocation function "get_local_group". src/useradd.c:728: var_assign: Assigning: "grp" = storage returned from "get_local_group(list)". src/useradd.c:728: overwrite_var: Overwriting "grp" in "grp = get_local_group(list)" leaks the storage that "grp" points to. 726| * GID values, otherwise the string is looked up as is. 727| */ 728|-> grp = get_local_group (list); 729| 730| /* --- src/useradd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/useradd.c b/src/useradd.c index 3544acd0..107e65f8 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -729,7 +729,7 @@ static int set_defaults (void) static int get_groups (char *list) { char *cp; - const struct group *grp; + struct group *grp; int errors = 0; int ngroups = 0; @@ -808,6 +808,7 @@ static int get_groups (char *list) * Add the group name to the user's list of groups. */ user_groups[ngroups++] = xstrdup (grp->gr_name); + free (grp); } while (NULL != list); close_group_files ();