Fix two thinkos related to strong random keys.

pg_backend_random() is used for MD5 salt generation, but it can fail, and no checks were done on its status code. Fix memory leak, if generating a random number for a cancel key failed. Both issues were spotted by Coverity. Fix by Michael Paquier.

Fix two thinkos related to strong random keys.
pg_backend_random() is used for MD5 salt generation, but it can fail, and no checks were done on its status code. Fix memory leak, if generating a random number for a cancel key failed. Both issues were spotted by Coverity. Fix by Michael Paquier.
41493bac · Heikki Linnakangas · ad365b2f · 41493bac · 41493bac
Commit 41493bac authored Dec 12, 2016 by Heikki Linnakangas
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletion

src/backend/libpq/auth.c src/backend/libpq/auth.c +6 -1

src/backend/postmaster/postmaster.c src/backend/postmaster/postmaster.c +1 -0

No files found.
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -715,7 +715,12 @@ CheckMD5Auth(Port *port, char **logdetail)
 				 errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));

 	/* include the salt to use for computing the response */
-	pg_backend_random(md5Salt, 4);
+	if (!pg_backend_random(md5Salt, 4))
+	{
+		ereport(LOG,
+				(errmsg("could not acquire random number for MD5 salt.")));
+		return STATUS_ERROR;
+	}

 	sendAuthRequest(port, AUTH_REQ_MD5, md5Salt, 4);


--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -3901,6 +3901,7 @@ BackendStartup(Port *port)
 	 */
 	if (!RandomCancelKey(&MyCancelKey))
 	{
+		free(bn);
 		ereport(LOG,
 				(errcode(ERRCODE_OUT_OF_MEMORY),
 				 errmsg("could not acquire random number")));