Fix a theoretical memory leak in pg_password_sendauth(). If the first

Neil Conway · Neil Conway · commit 4714984149a2 · 2005-06-30T01:59:20.000Z
malloc() succeeded but the second failed, the buffer allocated by the
first malloc() would be leaked. Fix this by allocating both buffers
via a single malloc(), as suggested by Tom.

Per Coverity static analysis performed by EnterpriseDB.
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
@@ -10,7 +10,7 @@
  * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.102 2005/06/27 02:04:26 neilc Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.103 2005/06/30 01:59:20 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -407,27 +407,27 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
 			{
 				char	   *crypt_pwd2;
 
-				if (!(crypt_pwd = malloc(MD5_PASSWD_LEN + 1)) ||
-					!(crypt_pwd2 = malloc(MD5_PASSWD_LEN + 1)))
+				/* Allocate enough space for two MD5 hashes */
+				crypt_pwd = malloc(2 * (MD5_PASSWD_LEN + 1));
+				if (!crypt_pwd)
 				{
 					fprintf(stderr, libpq_gettext("out of memory\n"));
 					return STATUS_ERROR;
 				}
+
+				crypt_pwd2 = crypt_pwd + MD5_PASSWD_LEN + 1;
 				if (!EncryptMD5(password, conn->pguser,
 								strlen(conn->pguser), crypt_pwd2))
 				{
 					free(crypt_pwd);
-					free(crypt_pwd2);
 					return STATUS_ERROR;
 				}
 				if (!EncryptMD5(crypt_pwd2 + strlen("md5"), conn->md5Salt,
 								sizeof(conn->md5Salt), crypt_pwd))
 				{
 					free(crypt_pwd);
-					free(crypt_pwd2);
 					return STATUS_ERROR;
 				}
-				free(crypt_pwd2);
 				break;
 			}
 		case AUTH_REQ_CRYPT:

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).`
`11`	`11`	`*`
`12`	`12`	`* IDENTIFICATION`
`13`		`- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.102 2005/06/27 02:04:26 neilc Exp $`
	`13`	`+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.103 2005/06/30 01:59:20 neilc Exp $`
`14`	`14`	`*`
`15`	`15`	`*-------------------------------------------------------------------------`
`16`	`16`	`*/`
`@@ -407,27 +407,27 @@ pg_password_sendauth(PGconn conn, const char password, AuthRequest areq)`
`407`	`407`	`{`
`408`	`408`	`char *crypt_pwd2;`
`409`	`409`
`410`		`- if (!(crypt_pwd = malloc(MD5_PASSWD_LEN + 1)) \|\|`
`411`		`- !(crypt_pwd2 = malloc(MD5_PASSWD_LEN + 1)))`
	`410`	`+ /* Allocate enough space for two MD5 hashes */`
	`411`	`+ crypt_pwd = malloc(2 * (MD5_PASSWD_LEN + 1));`
	`412`	`+ if (!crypt_pwd)`
`412`	`413`	`{`
`413`	`414`	`fprintf(stderr, libpq_gettext("out of memory\n"));`
`414`	`415`	`return STATUS_ERROR;`
`415`	`416`	`}`
	`417`	`+`
	`418`	`+ crypt_pwd2 = crypt_pwd + MD5_PASSWD_LEN + 1;`
`416`	`419`	`if (!EncryptMD5(password, conn->pguser,`
`417`	`420`	`strlen(conn->pguser), crypt_pwd2))`
`418`	`421`	`{`
`419`	`422`	`free(crypt_pwd);`
`420`		`- free(crypt_pwd2);`
`421`	`423`	`return STATUS_ERROR;`
`422`	`424`	`}`
`423`	`425`	`if (!EncryptMD5(crypt_pwd2 + strlen("md5"), conn->md5Salt,`
`424`	`426`	`sizeof(conn->md5Salt), crypt_pwd))`
`425`	`427`	`{`
`426`	`428`	`free(crypt_pwd);`
`427`		`- free(crypt_pwd2);`
`428`	`429`	`return STATUS_ERROR;`
`429`	`430`	`}`
`430`		`- free(crypt_pwd2);`
`431`	`431`	`break;`
`432`	`432`	`}`
`433`	`433`	`case AUTH_REQ_CRYPT:`