From 8123bcbf53dba7731c4325a94ccf65c15254e1e0 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Tue, 6 Jul 2021 12:25:32 +0200 Subject: [PATCH 1/2] Fix memory errors in modify_permission The string "subject_where_old" was not freed when returning if check_permission_args failed. The string "name" was still used after being freed. (cherry picked from commit 51367b505399da0f6e101d1aaf6820f23e0ecaee) --- src/manage_sql.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 1b38c83ae..ce15b30c7 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -44746,6 +44746,7 @@ modify_permission (const char *permission_id, const char *name_arg, free (new_resource_id); free (existing_subject_type); free (new_subject_id); + g_free (subject_where_old); sql_rollback (); return ret; } @@ -44798,7 +44799,6 @@ modify_permission (const char *permission_id, const char *name_arg, || (resource_id == NULL)); quoted_name = sql_quote (name); - g_free (name); sql ("UPDATE permissions SET" " name = '%s'," @@ -44882,6 +44882,7 @@ modify_permission (const char *permission_id, const char *name_arg, free (new_resource_id); free (existing_subject_type); free (new_subject_id); + g_free (name); free (old_name); free (old_resource_type); g_free (subject_where); From 0589d976a0ce31cb6dd8facfab9d5a10407da6e0 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Tue, 6 Jul 2021 12:28:37 +0200 Subject: [PATCH 2/2] Add CHANGELOG entry for modify_permission fix (cherry picked from commit fb06bc01450cf251d88da70ddf47958ffe77c1d7) --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fc483ba08..70149c89f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Deprecated ### Removed ### Fixed +- Fix memory errors in modify_permission [#1613](https://github.com/greenbone/gvmd/pull/1613) [Unreleased]: https://github.com/greenbone/gvmd/compare/v20.8.2...gvmd-20.08