Fix memory leaks if random salt generation fails.

In the backend, this is just to silence coverity warnings, but in the
frontend, it's a genuine leak, even if extremely rare.

Spotted by Coverity, patch by Michael Paquier.

diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c
index 8b3da736b1a0960b2445608625387f46c35a30b1..3acc2acfe417aebc2452ce695748184e518fea2f 100644 (file)
--- a/src/backend/libpq/auth-scram.c
+++ b/src/backend/libpq/auth-scram.c
@@ -411,6 +411,8 @@ pg_be_scram_build_verifier(const char *password)
                ereport(LOG,
                                (errcode(ERRCODE_INTERNAL_ERROR),
                                 errmsg("could not generate random salt")));
+               if (prep_password)
+                       pfree(prep_password);
                return NULL;
        }
 

diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c
index 4598774a963432cd7f10796de8d469f84e23ffdd..d8a5bbc712a2325f61cbaa9a3896d07e3024accc 100644 (file)
--- a/src/interfaces/libpq/fe-auth-scram.c
+++ b/src/interfaces/libpq/fe-auth-scram.c
@@ -638,7 +638,11 @@ pg_fe_scram_build_verifier(const char *password)
 
        /* Generate a random salt */
        if (!pg_frontend_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
+       {
+               if (prep_password)
+                       free(prep_password);
                return NULL;
+       }
 
        result = scram_build_verifier(saltbuf, SCRAM_DEFAULT_SALT_LEN,
                                                                  SCRAM_DEFAULT_ITERATIONS, password);