From 8a624c126438497c5775c5298649cd87a4d68e72 Mon Sep 17 00:00:00 2001
From: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
Date: Fri, 14 Oct 2022 19:15:15 -0400
Subject: [PATCH] prevent memory leak when using control group factors in a policy (#17532)

* prevent a possible memory leak when using control group factors in a policy
* CL
---
 changelog/17532.txt | 3 +++
 vault/acl.go | 6 +++++-
 vault/policy.go | 11 +++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 changelog/17532.txt
diff --git a/changelog/17532.txt b/changelog/17532.txt
new file mode 100644
index 000000000..0a0926197
--- /dev/null
+++ b/changelog/17532.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: prevent memory leak when using control group factors in a policy
+```
diff --git a/vault/acl.go b/vault/acl.go
index 9dffe34f6..7aeb102bd 100644
--- a/vault/acl.go
+++ b/vault/acl.go
@@ -260,7 +260,11 @@ func NewACL(ctx context.Context, policies []*Policy) (*ACL, error) {
 if pc.Permissions.ControlGroup != nil {
 if len(pc.Permissions.ControlGroup.Factors) > 0 {
 if existingPerms.ControlGroup == nil {
- existingPerms.ControlGroup = pc.Permissions.ControlGroup
+ cg, err := pc.Permissions.ControlGroup.Clone()
+ if err != nil {
+ return nil, err
+ }
+ existingPerms.ControlGroup = cg
 } else {
 existingPerms.ControlGroup.Factors = append(existingPerms.ControlGroup.Factors, pc.Permissions.ControlGroup.Factors...)
 }
diff --git a/vault/policy.go b/vault/policy.go
index 75084c4d8..bdd93bffb 100644
--- a/vault/policy.go
+++ b/vault/policy.go
@@ -149,6 +149,17 @@ type ControlGroup struct {
 Factors []*ControlGroupFactor
 }
 
+func (c *ControlGroup) Clone() (*ControlGroup, error) {
+ clonedControlGroup, err := copystructure.Copy(c)
+ if err != nil {
+ return nil, err
+ }
+
+ cg := clonedControlGroup.(*ControlGroup)
+
+ return cg, nil
+}
+
 type ControlGroupFactor struct {
 Name string
 Identity *IdentityFactor `hcl:"identity"`
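Review bot: In the vault/acl.go hunk only the first ControlGroup assigned to existingPerms is cloned; the else branch still appends pc.Permissions.ControlGroup.Factors directly, so the merged slice keeps pointing at the source policy's *ControlGroupFactor values. That is safe only while nothing writes through those pointers after NewACL returns, which the hunk does not show. Since these factors decide who must authorize a request, I would either clone on that path too (call Clone() on pc.Permissions.ControlGroup and append the copy's Factors) or state the assumption in a comment such as `// Factors appended below are shared with the policy and must be treated as read-only.` The diffstat lists no test file; a regression test that calls NewACL twice over the same policies and asserts that each policy's Factors length is unchanged would pin the fix. NewACL begins and ends outside this hunk.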
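Review bot: The new exported Clone method in vault/policy.go has no doc comment and its type assertion is unchecked, so a Copy result of any other dynamic type would panic rather than come back as the error the signature already provides. I would add `// Clone returns a deep copy of c so callers can change the copy's Factors without modifying the policy it came from.` and use the two-value form, `cg, ok := clonedControlGroup.(*ControlGroup)`, returning an error when ok is false. How copystructure.Copy treats a nil receiver is not visible here, so a leading `if c == nil { return nil, nil }` guard would make that case explicit.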