From a7f513af9187444680e3e054e0a13f818aed3307 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Thu, 6 Feb 2025 16:52:17 +0100
Subject: [PATCH] BUG/MINOR: auth: Fix a leak on error path when parsing user's
 groups

In a userlist section, when a user is parsed, if a specified group is not
found, an error is reported. In this case we must take care to release the
alredy built groups list.

It was reported by Coverity in #2841: CID 1587770.

This patch could be backported to all stable versions.
---
 src/auth.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/auth.c b/src/auth.c
index 0031300bc..92f5bc2ba 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -147,7 +147,11 @@ int userlist_postinit()
 				if (!ag) {
 					ha_alert("userlist '%s': no such group '%s' specified in user '%s'\n",
 						 curuserlist->name, group, curuser->user);
-					free(groups);
+					while (groups) {
+						grl = groups;
+						groups = groups->next;
+						free(grl);
+					}
 					return ERR_ALERT | ERR_FATAL;
 				}
 
@@ -156,7 +160,11 @@ int userlist_postinit()
 				if (!grl) {
 					ha_alert("userlist '%s': no more memory when trying to allocate the user groups.\n",
 						 curuserlist->name);
-					free(groups);
+					while (groups) {
+						grl = groups;
+						groups = groups->next;
+						free(grl);
+					}
 					return ERR_ALERT | ERR_FATAL;
 				}