Fix minor memory leak in ident_inet().

We'd leak the ident_serv data structure if the second pg_getaddrinfo_all (the one for the local address) failed. This is not of great consequence because a failure return here just leads directly to backend exit(), but if this function is going to try to clean up after itself at all, it should not have such holes in the logic. Try to fix it in a future-proof way by having all the failure exits go through the same cleanup path, rather than "optimizing" some of them. Per Coverity. Back-patch to 9.2, which is as far back as this patch applies cleanly.

Fix minor memory leak in ident_inet().
We'd leak the ident_serv data structure if the second pg_getaddrinfo_all (the one for the local address) failed. This is not of great consequence because a failure return here just leads directly to backend exit(), but if this function is going to try to clean up after itself at all, it should not have such holes in the logic. Try to fix it in a future-proof way by having all the failure exits go through the same cleanup path, rather than "optimizing" some of them. Per Coverity. Back-patch to 9.2, which is as far back as this patch applies cleanly.
58146d35 · Tom Lane · 9179444d · 58146d35
Commit 58146d35 authored Feb 11, 2015 by Tom Lane
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 10 deletions

src/backend/libpq/auth.c src/backend/libpq/auth.c +11 -10

No files found.
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -1405,8 +1405,7 @@ ident_inet(hbaPort *port)
 	const SockAddr remote_addr = port->raddr;
 	const SockAddr local_addr = port->laddr;
 	char		ident_user[IDENT_USERNAME_MAX + 1];
-	pgsocket	sock_fd;		/* File descriptor for socket on which we talk
+	pgsocket	sock_fd = PGINVALID_SOCKET;		/* for talking to Ident server */
-								 * to Ident */
 	int			rc;				/* Return code from a locally called function */
 	bool		ident_return;
 	char		remote_addr_s[NI_MAXHOST];
@@ -1445,9 +1444,9 @@ ident_inet(hbaPort *port)
 	rc = pg_getaddrinfo_all(remote_addr_s, ident_port, &hints, &ident_serv);
 	if (rc || !ident_serv)
 	{
-		if (ident_serv)
+		/* we don't expect this to happen */
-			pg_freeaddrinfo_all(hints.ai_family, ident_serv);
+		ident_return = false;
-		return STATUS_ERROR;	/* we don't expect this to happen */
+		goto ident_inet_done;
 	}
 	hints.ai_flags = AI_NUMERICHOST;
@@ -1461,9 +1460,9 @@ ident_inet(hbaPort *port)
 	rc = pg_getaddrinfo_all(local_addr_s, NULL, &hints, &la);
 	if (rc || !la)
 	{
-		if (la)
+		/* we don't expect this to happen */
-			pg_freeaddrinfo_all(hints.ai_family, la);
+		ident_return = false;
-		return STATUS_ERROR;	/* we don't expect this to happen */
+		goto ident_inet_done;
 	}
 	sock_fd = socket(ident_serv->ai_family, ident_serv->ai_socktype,
@@ -1554,8 +1553,10 @@ ident_inet(hbaPort *port)
 ident_inet_done:
 	if (sock_fd != PGINVALID_SOCKET)
 		closesocket(sock_fd);
-	pg_freeaddrinfo_all(remote_addr.addr.ss_family, ident_serv);
+	if (ident_serv)
-	pg_freeaddrinfo_all(local_addr.addr.ss_family, la);
+		pg_freeaddrinfo_all(remote_addr.addr.ss_family, ident_serv);
+	if (la)
+		pg_freeaddrinfo_all(local_addr.addr.ss_family, la);
 	if (ident_return)
 		/* Success! Check the usermap */