autofs-5.1.9 - fix memory leak in cache_release()

From: Ian Kent <raven@themaw.net>

cache_release() does not free the map entry stack if there is one.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG   |    1 +
 lib/cache.c |   22 +++++++++++++++++-----
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index aaee3c574..2da197e5e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -20,6 +20,7 @@
 - Remove mentioning of nonstrict option in comment in samples/auto.net.
 - Use AUTOFS_ prefixed environment variables in sample/auto.smb.
 - man/autofs.conf.5: fix manpage formatting.
+- fix memory leak in cache_release().
 
 02/11/2023 autofs-5.1.9
 - fix kernel mount status notification.
diff --git a/lib/cache.c b/lib/cache.c
index 2135d70d4..3b5a0cbbd 100644
--- a/lib/cache.c
+++ b/lib/cache.c
@@ -831,13 +831,13 @@ void cache_release(struct map_source *map)
 {
 	struct mapent_cache *mc;
 	struct mapent *me, *next;
+	struct stack *s;
 	int status;
 	unsigned int i;
 
 	mc = map->mc;
 
 	cache_writelock(mc);
-
 	for (i = 0; i < mc->size; i++) {
 		me = mc->hash[i];
 		if (me == NULL)
@@ -846,6 +846,14 @@ void cache_release(struct map_source *map)
 		free(me->key);
 		if (me->mapent)
 			free(me->mapent);
+		s = me->stack;
+		while (s) {
+			struct stack *next = s->next;
+			if (s->mapent)
+				free(s->mapent);
+			free(s);
+			s = next;
+		}
 		free(me);
 
 		while (next != NULL) {
@@ -854,12 +862,18 @@ void cache_release(struct map_source *map)
 			free(me->key);
 			if (me->mapent)
 				free(me->mapent);
+			s = me->stack;
+			while (s) {
+				struct stack *next = s->next;
+				if (s->mapent)
+					free(s->mapent);
+				free(s);
+				s = next;
+			}
 			free(me);
 		}
 	}
-
 	map->mc = NULL;
-
 	cache_unlock(mc);
 
 	status = pthread_mutex_destroy(&mc->ino_index_mutex);
@@ -903,9 +917,7 @@ void cache_release_null_cache(struct master *master)
 			free(me);
 		}
 	}
-
 	master->nc = NULL;
-
 	cache_unlock(mc);
 
 	status = pthread_mutex_destroy(&mc->ino_index_mutex);