Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit41493ba

Browse files
committed
Fix two thinkos related to strong random keys.
pg_backend_random() is used for MD5 salt generation, but it can fail, andno checks were done on its status code.Fix memory leak, if generating a random number for a cancel key failed.Both issues were spotted by Coverity. Fix by Michael Paquier.
1 parentad365b2 commit41493ba

File tree

2 files changed

+7
-1
lines changed

2 files changed

+7
-1
lines changed

‎src/backend/libpq/auth.c

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -715,7 +715,12 @@ CheckMD5Auth(Port *port, char **logdetail)
715715
errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
716716

717717
/* include the salt to use for computing the response */
718-
pg_backend_random(md5Salt,4);
718+
if (!pg_backend_random(md5Salt,4))
719+
{
720+
ereport(LOG,
721+
(errmsg("could not acquire random number for MD5 salt.")));
722+
returnSTATUS_ERROR;
723+
}
719724

720725
sendAuthRequest(port,AUTH_REQ_MD5,md5Salt,4);
721726

‎src/backend/postmaster/postmaster.c

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3901,6 +3901,7 @@ BackendStartup(Port *port)
39013901
*/
39023902
if (!RandomCancelKey(&MyCancelKey))
39033903
{
3904+
free(bn);
39043905
ereport(LOG,
39053906
(errcode(ERRCODE_OUT_OF_MEMORY),
39063907
errmsg("could not acquire random number")));

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp