From 3b3405bc2f6fe2f71ce08cd20bd2938f5f75efec Mon Sep 17 00:00:00 2001
From: OpenGnSys Support Team
Date: Tue, 23 Feb 2021 10:47:21 +0100
Subject: #1019 UAF in schedule run

Otherwise accessing IP address results in use-after-free.
---
 src/rest.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/rest.c b/src/rest.c
index bee5e24..a3377bc 100644
--- a/src/rest.c
+++ b/src/rest.c
@@ -2924,7 +2924,7 @@ void og_schedule_run(unsigned int task_id, unsigned int schedule_id,
 }

 if (!duplicated)
- params.ips_array[params.ips_array_len++] = cmd->ip;
+ params.ips_array[params.ips_array_len++] = strdup(cmd->ip);
 else
 duplicated = false;
 }
@@ -2945,6 +2945,9 @@ void og_schedule_run(unsigned int task_id, unsigned int schedule_id,
 }

 og_send_request(OG_METHOD_GET, OG_CMD_RUN_SCHEDULE, ¶ms, NULL);
+
+ for (i = 0; i < params.ips_array_len; i++)
+ free((void *)params.ips_array[i]);
 }

 static int og_cmd_task_post(json_t *element, struct og_msg_params *params)
--
cgit v1.2.3-18-g5258
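Review bot: The result of `strdup(cmd->ip)` in the first hunk is stored without a NULL check, so an allocation failure leaves a NULL entry that is still counted in `params.ips_array_len`. Every later reader of the array would then see it, presumably including the duplicate comparison that sets `duplicated` and `og_send_request()`. I would copy into a local first (`char *ip = strdup(cmd->ip);`), stop filling the array when it is NULL, and only then do `params.ips_array[params.ips_array_len++] = ip;`. The hunk also shows no bound on `params.ips_array_len` before the indexed write; if the array has a fixed capacity and the limit is not enforced elsewhere in the loop, that check belongs next to this assignment. The loop body starts outside the hunk, so both points should be confirmed against the full function.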
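Review bot: Freeing the copies immediately after `og_send_request()` in the second hunk is only safe if that call does not keep the `ips_array` pointers past its return. If it queues the parameters for later use, this loop reintroduces the use-after-free the commit is fixing. Please confirm, and record it above the loop with something like `/* og_send_request() does not retain params; the strdup()ed IPs are owned by this function */`. The `(void *)` cast suggests the elements are declared `const char *`, so other code filling the same structure may store borrowed pointers; the comment should make clear that only this function's entries are heap-owned. Any return path between the strdup loop and this loop, which lies outside the hunk, would leak the copies.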