From 746cf9c9c89b8b0c6f39b8ec3f07a0386e61a8ae Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Sun, 6 Aug 2017 21:24:03 +0200 Subject: [PATCH] server: Fix memory leak in com_check(). parse_mood_line() is called by the select command to set up a mood item structure for each line of the mood definition. The item is stored in one of the three lists of the mood structure provided by the caller. The check command also calls parse_mood_line() to verify the mood definitions. However, since it does not create a new mood, it does not allocate a mood structure and passes a null pointer instead. parse_mood_line() frees the mood item in the error case, but misses to do so if a successfully parsed mood line was not added to any of the three lists because the mood pointer is NULL, leaking the mood item. This commit plugs the leak by adjusting the condition on which to free the mood item. This bug was introduced 10 years ago when mood checking was implemented in commit 02baea14. It was found by code inspection. --- mood.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/mood.c b/mood.c index 79f47e5a..196d80e2 100644 --- a/mood.c +++ b/mood.c @@ -365,9 +365,7 @@ success: ret = 1; out: free_argv(argv); - if (ret >= 0) - return ret; - if (mi) { + if (mi && (ret < 0 || !mlpd->m)) { /* mi was not added to any list */ free(mi->parser_data); free(mi); } -- 2.39.2
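Review bot: the new condition `if (mi && (ret < 0 || !mlpd->m))` in the `out:` path of mood.c decides ownership of `mi` indirectly, by assuming that a non-negative `ret` with a non-NULL `mlpd->m` always means the item was linked into one of the lists. That holds only while every success path with a mood present actually adds the item. A later code path that jumps to `success:` without adding it would reintroduce the leak, and one that adds it while `mlpd->m` is NULL would cause a free of a listed item. Consider setting `mi = NULL` at the point where the item is added to a list, so the cleanup can stay a plain `if (mi)` and the comment "mi was not added to any list" is true by construction. Also, the early `return ret;` is removed and no return is visible in the trailing context of this hunk, so please confirm that the function still returns `ret` after the free block on both the success and the error path.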