Commit 47149841 authored by Neil Conway's avatar Neil Conway

Fix a theoretical memory leak in pg_password_sendauth(). If the first

malloc() succeeded but the second failed, the buffer allocated by the
first malloc() would be leaked. Fix this by allocating both buffers
via a single malloc(), as suggested by Tom.

Per Coverity static analysis performed by EnterpriseDB.
parent 401de9c8
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes). * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.102 2005/06/27 02:04:26 neilc Exp $ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.103 2005/06/30 01:59:20 neilc Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -407,27 +407,27 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq) ...@@ -407,27 +407,27 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
{ {
char *crypt_pwd2; char *crypt_pwd2;
if (!(crypt_pwd = malloc(MD5_PASSWD_LEN + 1)) || /* Allocate enough space for two MD5 hashes */
!(crypt_pwd2 = malloc(MD5_PASSWD_LEN + 1))) crypt_pwd = malloc(2 * (MD5_PASSWD_LEN + 1));
if (!crypt_pwd)
{ {
fprintf(stderr, libpq_gettext("out of memory\n")); fprintf(stderr, libpq_gettext("out of memory\n"));
return STATUS_ERROR; return STATUS_ERROR;
} }
crypt_pwd2 = crypt_pwd + MD5_PASSWD_LEN + 1;
if (!EncryptMD5(password, conn->pguser, if (!EncryptMD5(password, conn->pguser,
strlen(conn->pguser), crypt_pwd2)) strlen(conn->pguser), crypt_pwd2))
{ {
free(crypt_pwd); free(crypt_pwd);
free(crypt_pwd2);
return STATUS_ERROR; return STATUS_ERROR;
} }
if (!EncryptMD5(crypt_pwd2 + strlen("md5"), conn->md5Salt, if (!EncryptMD5(crypt_pwd2 + strlen("md5"), conn->md5Salt,
sizeof(conn->md5Salt), crypt_pwd)) sizeof(conn->md5Salt), crypt_pwd))
{ {
free(crypt_pwd); free(crypt_pwd);
free(crypt_pwd2);
return STATUS_ERROR; return STATUS_ERROR;
} }
free(crypt_pwd2);
break; break;
} }
case AUTH_REQ_CRYPT: case AUTH_REQ_CRYPT:
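Review bot: With both hashes in one allocation, the intermediate `"md5" + MD5(password, user)` string written through `crypt_pwd2` is never cleared in this case block and now sits in the upper half of the `crypt_pwd` buffer for as long as that buffer lives. In PostgreSQL's md5 scheme that unsalted value is what the server stores, so it deserves the same care as the password itself. I would wipe it once the salted hash has been computed, e.g. `memset(crypt_pwd2, 0, MD5_PASSWD_LEN + 1);` just before `break;` and on the second EncryptMD5 failure path, using a clearing routine the compiler cannot elide where the platform offers one. The new comment could also record the layout, e.g. `/* first half: salted hash sent to the server; second half: scratch for the unsalted hash */`. The function continues outside the hunk, so where `crypt_pwd` is finally freed, and therefore how long the residue persists, is inferred rather than visible here.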
......