diff options
| author | Michael Paquier <michael@paquier.xyz> | 2020-01-27 11:02:05 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2020-01-27 11:02:05 +0900 |
| commit | 10a525230fb18331dbcfd6a4a7248d76f55c331c (patch) | |
| tree | 5130453fef8c9b1bd4d47bf5d2c8af02c5e49311 /src/backend | |
| parent | 3ec20c7091e97a554e7447ac2b7f4ed795631395 (diff) | |
| download | postgresql-10a525230fb18331dbcfd6a4a7248d76f55c331c.tar.gz postgresql-10a525230fb18331dbcfd6a4a7248d76f55c331c.zip | |
Fix some memory leaks and improve restricted token handling on Windows
The leaks have been detected by a Coverity run on Windows. No backpatch
is done as the leaks are minor.
While on it, make restricted token creation more consistent in its error
handling by logging an error instead of a warning if missing
advapi32.dll, which was missing in the NT4 days. Any modern platform
should have this DLL around. Now, if the library is not there, an error
is still reported back to the caller, and nothing is done do there is no
behavior change done in this commit.
Author: Ranier Vilela
Discussion: https://postgr.es/m/CAEudQApa9MG0foPkgPX87fipk=vhnF2Xfg+CfUyR08h4R7Mywg@mail.gmail.com
Diffstat (limited to 'src/backend')
| -rw-r--r-- | src/backend/libpq/auth.c | 14 | ||||
| -rw-r--r-- | src/backend/postmaster/postmaster.c | 6 |
2 files changed, 20 insertions, 0 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 511f8913939..bd8c7f58119 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -1387,6 +1387,13 @@ pg_SSPI_recvauth(Port *port) mtype = pq_getbyte(); if (mtype != 'p') { + if (sspictx != NULL) + { + DeleteSecurityContext(sspictx); + free(sspictx); + } + FreeCredentialsHandle(&sspicred); + /* Only log error if client didn't disconnect. */ if (mtype != EOF) ereport(ERROR, @@ -1402,6 +1409,12 @@ pg_SSPI_recvauth(Port *port) { /* EOF - pq_getmessage already logged error */ pfree(buf.data); + if (sspictx != NULL) + { + DeleteSecurityContext(sspictx); + free(sspictx); + } + FreeCredentialsHandle(&sspicred); return STATUS_ERROR; } @@ -2517,6 +2530,7 @@ InitializeLDAPConnection(Port *port, LDAP **ldap) (errmsg("could not load function _ldap_start_tls_sA in wldap32.dll"), errdetail("LDAP over SSL is not supported on this platform."))); ldap_unbind(*ldap); + FreeLibrary(ldaphandle); return STATUS_ERROR; } diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index 7a92dac5255..b3986bee75f 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -4719,6 +4719,8 @@ retry: if (cmdLine[sizeof(cmdLine) - 2] != '\0') { elog(LOG, "subprocess command line too long"); + UnmapViewOfFile(param); + CloseHandle(paramHandle); return -1; } @@ -4735,6 +4737,8 @@ retry: { elog(LOG, "CreateProcess call failed: %m (error code %lu)", GetLastError()); + UnmapViewOfFile(param); + CloseHandle(paramHandle); return -1; } @@ -4750,6 +4754,8 @@ retry: GetLastError()))); CloseHandle(pi.hProcess); CloseHandle(pi.hThread); + UnmapViewOfFile(param); + CloseHandle(paramHandle); return -1; /* log made by save_backend_variables */ } |