From bdd8519d038f3d82c65a4b327ab4a394ad3f0266 Mon Sep 17 00:00:00 2001 From: OpenGnSys Support Team Date: Tue, 22 Sep 2020 15:22:26 +0200 Subject: #988 use-after-free in json configuration parser The cfg structure stores pointers to the string in this json tree. Do not release the json tree, keep it as field in the cfg structure. --- src/cfg.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) (limited to 'src/cfg.c') diff --git a/src/cfg.c b/src/cfg.c index bd38a84..fa88fc1 100644 --- a/src/cfg.c +++ b/src/cfg.c @@ -121,19 +121,22 @@ int parse_json_config(const char *filename, struct og_server_cfg *cfg) json_object_foreach(root, key, value) { if (!strcmp(key, "rest")) { - if (parse_json_rest(cfg, value) < 0) - return -1; - + if (parse_json_rest(cfg, value) < 0) { + ret = -1; + break; + } flags |= OG_SERVER_CFG_REST; } else if (!strcmp(key, "wol")) { - if (parse_json_wol(cfg, value) < 0) - return -1; - + if (parse_json_wol(cfg, value) < 0) { + ret = -1; + break; + } flags |= OG_SERVER_CFG_WOL; } else if (!strcmp(key, "database")) { - if (parse_json_db(cfg, value) < 0) - return -1; - + if (parse_json_db(cfg, value) < 0) { + ret = -1; + break; + } flags |= OG_SERVER_CFG_DB; } else { syslog(LOG_ERR, "unknown key `%s' in %s\n", @@ -142,6 +145,9 @@ int parse_json_config(const char *filename, struct og_server_cfg *cfg) } } + if (ret < 0) + json_decref(root); + if ((flags & OG_SERVER_CFG_REST) && (flags & OG_SERVER_CFG_DB) && (flags & OG_SERVER_CFG_WOL)) { @@ -151,7 +157,10 @@ int parse_json_config(const char *filename, struct og_server_cfg *cfg) ret = -1; } - json_decref(root); + if (ret < 0) + json_decref(root); + else + cfg->json = root; return ret; } -- cgit v1.2.3-18-g5258