diff options
| author | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2016-12-12 09:58:32 +0200 |
|---|---|---|
| committer | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2016-12-12 09:58:32 +0200 |
| commit | 41493bac36575c93172644d0eab7045aed8dcc17 (patch) | |
| tree | 8ff86758463e3227a4f5bdefd4956509125273d7 /src | |
| parent | ad365b2f91dc57ed1f18839f9f59a2799d276c8d (diff) | |
| download | postgresql-41493bac36575c93172644d0eab7045aed8dcc17.tar.gz postgresql-41493bac36575c93172644d0eab7045aed8dcc17.zip | |
Fix two thinkos related to strong random keys.
pg_backend_random() is used for MD5 salt generation, but it can fail, and
no checks were done on its status code.
Fix memory leak, if generating a random number for a cancel key failed.
Both issues were spotted by Coverity. Fix by Michael Paquier.
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/libpq/auth.c | 7 | ||||
| -rw-r--r-- | src/backend/postmaster/postmaster.c | 1 |
2 files changed, 7 insertions, 1 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index f8bffe37ddc..2b1841fb9bb 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -715,7 +715,12 @@ CheckMD5Auth(Port *port, char **logdetail) errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled"))); /* include the salt to use for computing the response */ - pg_backend_random(md5Salt, 4); + if (!pg_backend_random(md5Salt, 4)) + { + ereport(LOG, + (errmsg("could not acquire random number for MD5 salt."))); + return STATUS_ERROR; + } sendAuthRequest(port, AUTH_REQ_MD5, md5Salt, 4); diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index 59073e0354b..09884b31325 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -3901,6 +3901,7 @@ BackendStartup(Port *port) */ if (!RandomCancelKey(&MyCancelKey)) { + free(bn); ereport(LOG, (errcode(ERRCODE_OUT_OF_MEMORY), errmsg("could not acquire random number"))); |