Fix two thinkos related to strong random keys.

pg_backend_random() is used for MD5 salt generation, but it can fail, and
no checks were done on its status code.

Fix memory leak, if generating a random number for a cancel key failed.

Both issues were spotted by Coverity. Fix by Michael Paquier.

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index f8bffe37ddc021ce62c1cbd6807e3c8fe8923522..2b1841fb9bbf700508a53aa05480de1cd6d38779 100644 (file)
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -715,7 +715,12 @@ CheckMD5Auth(Port *port, char **logdetail)
                 errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
 
    /* include the salt to use for computing the response */
-   pg_backend_random(md5Salt, 4);
+   if (!pg_backend_random(md5Salt, 4))
+   {
+       ereport(LOG,
+               (errmsg("could not acquire random number for MD5 salt.")));
+       return STATUS_ERROR;
+   }
 
    sendAuthRequest(port, AUTH_REQ_MD5, md5Salt, 4);
 

diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 59073e0354b6c9c00ea70c554c42f8e83fac8b30..09884b313256295b5b512aa4d6e41990cf1e0527 100644 (file)
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -3901,6 +3901,7 @@ BackendStartup(Port *port)
     */
    if (!RandomCancelKey(&MyCancelKey))
    {
+       free(bn);
        ereport(LOG,
                (errcode(ERRCODE_OUT_OF_MEMORY),
                 errmsg("could not acquire random number")));