pg_backend_random() is used for MD5 salt generation, but it can fail, and
no checks were done on its status code.
Fix memory leak, if generating a random number for a cancel key failed.
Both issues were spotted by Coverity. Fix by Michael Paquier.
errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
/* include the salt to use for computing the response */
- pg_backend_random(md5Salt, 4);
+ if (!pg_backend_random(md5Salt, 4))
+ {
+ ereport(LOG,
+ (errmsg("could not acquire random number for MD5 salt.")));
+ return STATUS_ERROR;
+ }
sendAuthRequest(port, AUTH_REQ_MD5, md5Salt, 4);
*/
if (!RandomCancelKey(&MyCancelKey))
{
+ free(bn);
ereport(LOG,
(errcode(ERRCODE_OUT_OF_MEMORY),
errmsg("could not acquire random number")));