Fix two thinkos related to strong random keys.

hlinnaka · hlinnaka · commit 41493bac3657 · 2016-12-12T09:58:32.000+02:00
pg_backend_random() is used for MD5 salt generation, but it can fail, and
no checks were done on its status code.

Fix memory leak, if generating a random number for a cancel key failed.

Both issues were spotted by Coverity. Fix by Michael Paquier.
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
@@ -715,7 +715,12 @@ CheckMD5Auth(Port *port, char **logdetail)
 				 errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
 
 	/* include the salt to use for computing the response */
-	pg_backend_random(md5Salt, 4);
+	if (!pg_backend_random(md5Salt, 4))
+	{
+		ereport(LOG,
+				(errmsg("could not acquire random number for MD5 salt.")));
+		return STATUS_ERROR;
+	}
 
 	sendAuthRequest(port, AUTH_REQ_MD5, md5Salt, 4);
 
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
@@ -3901,6 +3901,7 @@ BackendStartup(Port *port)
 	 */
 	if (!RandomCancelKey(&MyCancelKey))
 	{
+		free(bn);
 		ereport(LOG,
 				(errcode(ERRCODE_OUT_OF_MEMORY),
 				 errmsg("could not acquire random number")));

Original file line number	Diff line number	Diff line change
`@@ -3901,6 +3901,7 @@ BackendStartup(Port *port)`
`3901`	`3901`	`*/`
`3902`	`3902`	`if (!RandomCancelKey(&MyCancelKey))`
`3903`	`3903`	`{`
	`3904`	`+ free(bn);`
`3904`	`3905`	`ereport(LOG,`
`3905`	`3906`	`(errcode(ERRCODE_OUT_OF_MEMORY),`
`3906`	`3907`	`errmsg("could not acquire random number")));`