git.postgresql.org Git - postgresql.git/commitdiff

git projects / postgresql.git / commitdiff

Fix two thinkos related to strong random keys.

author Heikki Linnakangas <heikki.linnakangas@iki.fi>

2016年12月12日 07:58:32 +0000 (09:58 +0200)

committer Heikki Linnakangas <heikki.linnakangas@iki.fi>

2016年12月12日 07:58:32 +0000 (09:58 +0200)

pg_backend_random() is used for MD5 salt generation, but it can fail, and
no checks were done on its status code.

Fix memory leak, if generating a random number for a cancel key failed.

Both issues were spotted by Coverity. Fix by Michael Paquier.

src/backend/libpq/auth.c patch | blob | blame | history

src/backend/postmaster/postmaster.c patch | blob | blame | history

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c

index f8bffe37ddc021ce62c1cbd6807e3c8fe8923522..2b1841fb9bbf700508a53aa05480de1cd6d38779 100644 (file)

--- a/src/backend/libpq/auth.c

+++ b/src/backend/libpq/auth.c

@@ -715,7 +715,12 @@ CheckMD5Auth(Port *port, char **logdetail)

errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));

/* include the salt to use for computing the response */

- pg_backend_random(md5Salt, 4);

+ if (!pg_backend_random(md5Salt, 4))

+ {

+ ereport(LOG,

+ (errmsg("could not acquire random number for MD5 salt.")));

+ return STATUS_ERROR;

+ }

sendAuthRequest(port, AUTH_REQ_MD5, md5Salt, 4);

diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c

index 59073e0354b6c9c00ea70c554c42f8e83fac8b30..09884b313256295b5b512aa4d6e41990cf1e0527 100644 (file)

--- a/src/backend/postmaster/postmaster.c

+++ b/src/backend/postmaster/postmaster.c

@@ -3901,6 +3901,7 @@ BackendStartup(Port *port)

if (!RandomCancelKey(&MyCancelKey))

{

+ free(bn);

ereport(LOG,

(errcode(ERRCODE_OUT_OF_MEMORY),

errmsg("could not acquire random number")));

This is the main PostgreSQL git repository.

RSS Atom