From: Heikki Linnakangas <heikki.linnakangas@iki.fi>
Date: Mon, 12 Dec 2016 07:58:32 +0000 (+0200)
Subject: Fix two thinkos related to strong random keys.
X-Git-Tag: REL_10_BETA1~1272
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=41493bac3;p=postgresql

Fix two thinkos related to strong random keys.

pg_backend_random() is used for MD5 salt generation, but it can fail, and
no checks were done on its status code.

Fix memory leak, if generating a random number for a cancel key failed.

Both issues were spotted by Coverity. Fix by Michael Paquier.
---

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index f8bffe37dd..2b1841fb9b 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -715,7 +715,12 @@ CheckMD5Auth(Port *port, char **logdetail)
 				 errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
 
 	/* include the salt to use for computing the response */
-	pg_backend_random(md5Salt, 4);
+	if (!pg_backend_random(md5Salt, 4))
+	{
+		ereport(LOG,
+				(errmsg("could not acquire random number for MD5 salt.")));
+		return STATUS_ERROR;
+	}
 
 	sendAuthRequest(port, AUTH_REQ_MD5, md5Salt, 4);
 
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 59073e0354..09884b3132 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -3901,6 +3901,7 @@ BackendStartup(Port *port)
 	 */
 	if (!RandomCancelKey(&MyCancelKey))
 	{
+		free(bn);
 		ereport(LOG,
 				(errcode(ERRCODE_OUT_OF_MEMORY),
 				 errmsg("could not acquire random number")));