Fix memory leaks if random salt generation fails.

In the backend, this is just to silence coverity warnings, but in the frontend, it's a genuine leak, even if extremely rare. Spotted by Coverity, patch by Michael Paquier.

Fix memory leaks if random salt generation fails.
In the backend, this is just to silence coverity warnings, but in the frontend, it's a genuine leak, even if extremely rare. Spotted by Coverity, patch by Michael Paquier.
0186ded5 · Heikki Linnakangas · a54d5875 · 0186ded5 · 0186ded5
Commit 0186ded5 authored May 07, 2017 by Heikki Linnakangas
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

src/backend/libpq/auth-scram.c src/backend/libpq/auth-scram.c +2 -0

src/interfaces/libpq/fe-auth-scram.c src/interfaces/libpq/fe-auth-scram.c +4 -0

No files found.
--- a/src/backend/libpq/auth-scram.c
+++ b/src/backend/libpq/auth-scram.c
@@ -411,6 +411,8 @@ pg_be_scram_build_verifier(const char *password)
 		ereport(LOG,
 				(errcode(ERRCODE_INTERNAL_ERROR),
 				 errmsg("could not generate random salt")));
+		if (prep_password)
+			pfree(prep_password);
 		return NULL;
 	}


--- a/src/interfaces/libpq/fe-auth-scram.c
+++ b/src/interfaces/libpq/fe-auth-scram.c
@@ -638,7 +638,11 @@ pg_fe_scram_build_verifier(const char *password)

 	/* Generate a random salt */
 	if (!pg_frontend_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
+	{
+		if (prep_password)
+			free(prep_password);
 		return NULL;
+	}

 	result = scram_build_verifier(saltbuf, SCRAM_DEFAULT_SALT_LEN,
 								  SCRAM_DEFAULT_ITERATIONS, password);