diff options
| author | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2017-04-13 17:44:15 +0300 |
|---|---|---|
| committer | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2017-04-13 17:44:15 +0300 |
| commit | 00707fa58275e370dc445fa7e1130085aa04f37b (patch) | |
| tree | ac34d654e3d719bc3eb2ff9f5d13b9b1da2b902f /src/backend/libpq/auth.c | |
| parent | 3d5facfd9ab66c819ed583b2614b0560405a6aa2 (diff) | |
| download | postgresql-00707fa58275e370dc445fa7e1130085aa04f37b.tar.gz postgresql-00707fa58275e370dc445fa7e1130085aa04f37b.zip | |
Minor cleanup of backend SCRAM code.
Free each SASL message after sending it. It's not a lot of wasted memory,
and it's short-lived, but the authentication code in general tries to
pfree() stuff, so let's follow the example.
Adding the pfree() revealed a little bug in build_server_first_message().
It attempts to keeps a copy of the sent message, but it was missing a
pstrdup(), so the pointer started to dangle, after adding the pfree()
into CheckSCRAMAuth().
Reword comments and debug messages slightly, while we're at it.
Reviewed by Michael Paquier.
Discussion: https://www.postgresql.org/message-id/6490b975-5ee1-6280-ac1d-af975b19fb9a@iki.fi
Diffstat (limited to 'src/backend/libpq/auth.c')
| -rw-r--r-- | src/backend/libpq/auth.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 66ead9381d3..b4c98c45c9f 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -872,6 +872,8 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail) strlen(SCRAM_SHA256_NAME) + 1); /* + * Initialize the status tracker for message exchanges. + * * If the user doesn't exist, or doesn't have a valid password, or it's * expired, we still go through the motions of SASL authentication, but * tell the authentication method that the authentication is "doomed". @@ -880,8 +882,6 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail) * This is because we don't want to reveal to an attacker what usernames * are valid, nor which users have a valid password. */ - - /* Initialize the status tracker for message exchanges */ scram_opaq = pg_be_scram_init(port->user_name, shadow_pass); /* @@ -918,7 +918,7 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail) return STATUS_ERROR; } - elog(DEBUG4, "Processing received SASL token of length %d", buf.len); + elog(DEBUG4, "Processing received SASL response of length %d", buf.len); /* * we pass 'logdetail' as NULL when doing a mock authentication, @@ -931,14 +931,16 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail) /* input buffer no longer used */ pfree(buf.data); - if (outputlen > 0) + if (output) { /* * Negotiation generated data to be sent to the client. */ - elog(DEBUG4, "sending SASL response token of length %u", outputlen); + elog(DEBUG4, "sending SASL challenge of length %u", outputlen); sendAuthRequest(port, AUTH_REQ_SASL_CONT, output, outputlen); + + pfree(output); } } while (result == SASL_EXCHANGE_CONTINUE); |