verify_password() leaked a file descriptor if it failed to find the given

tglsfdc · tglsfdc · commit d831990167e7 · 1999-11-23T01:04:38.000Z
userid in the flat password file.  Do it enough times and the postmaster
panicked :-(
diff --git a/src/backend/libpq/password.c b/src/backend/libpq/password.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: password.c,v 1.26 1999/10/23 03:13:21 tgl Exp $
+ * $Id: password.c,v 1.27 1999/11/23 01:04:38 tgl Exp $
  *
  */
 
@@ -45,6 +45,8 @@ verify_password(char *auth_arg, char *user, char *password)
 		return STATUS_ERROR;
 	}
 
+	pfree(pw_file_fullname);
+
 	while (!feof(pw_file))
 	{
 		char		pw_file_line[255],
@@ -67,15 +69,12 @@ verify_password(char *auth_arg, char *user, char *password)
 
 		if (strcmp(user, test_user) == 0)
 		{
-			/* we're outta here one way or the other. */
+			/* we're outta here one way or the other, so close file */
 			FreeFile(pw_file);
 
 			if (strcmp(crypt(password, test_pw), test_pw) == 0)
 			{
 				/* it matched. */
-
-				pfree(pw_file_fullname);
-
 				return STATUS_OK;
 			}
 
@@ -85,19 +84,17 @@ verify_password(char *auth_arg, char *user, char *password)
 			fputs(PQerrormsg, stderr);
 			pqdebug("%s", PQerrormsg);
 
-			pfree(pw_file_fullname);
-
 			return STATUS_ERROR;
 		}
 	}
 
+	FreeFile(pw_file);
+
 	snprintf(PQerrormsg, PQERRORMSG_LENGTH,
 			 "verify_password: user '%s' not found in password file.\n",
 			 user);
 	fputs(PQerrormsg, stderr);
 	pqdebug("%s", PQerrormsg);
 
-	pfree(pw_file_fullname);
-
 	return STATUS_ERROR;
 }

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`/*`
`2`	`2`	`* Copyright (c) 1994, Regents of the University of California`
`3`	`3`	`*`
`4`		`- * $Id: password.c,v 1.26 1999/10/23 03:13:21 tgl Exp $`
	`4`	`+ * $Id: password.c,v 1.27 1999/11/23 01:04:38 tgl Exp $`
`5`	`5`	`*`
`6`	`6`	`*/`
`7`	`7`
`@@ -45,6 +45,8 @@ verify_password(char auth_arg, char user, char *password)`
`45`	`45`	`return STATUS_ERROR;`
`46`	`46`	`}`
`47`	`47`
	`48`	`+ pfree(pw_file_fullname);`
	`49`	`+`
`48`	`50`	`while (!feof(pw_file))`
`49`	`51`	`{`
`50`	`52`	`char pw_file_line[255],`
`@@ -67,15 +69,12 @@ verify_password(char auth_arg, char user, char *password)`
`67`	`69`
`68`	`70`	`if (strcmp(user, test_user) == 0)`
`69`	`71`	`{`
`70`		`- /* we're outta here one way or the other. */`
	`72`	`+ /* we're outta here one way or the other, so close file */`
`71`	`73`	`FreeFile(pw_file);`
`72`	`74`
`73`	`75`	`if (strcmp(crypt(password, test_pw), test_pw) == 0)`
`74`	`76`	`{`
`75`	`77`	`/* it matched. */`
`76`		`-`
`77`		`- pfree(pw_file_fullname);`
`78`		`-`
`79`	`78`	`return STATUS_OK;`
`80`	`79`	`}`
`81`	`80`
`@@ -85,19 +84,17 @@ verify_password(char auth_arg, char user, char *password)`
`85`	`84`	`fputs(PQerrormsg, stderr);`
`86`	`85`	`pqdebug("%s", PQerrormsg);`
`87`	`86`
`88`		`- pfree(pw_file_fullname);`
`89`		`-`
`90`	`87`	`return STATUS_ERROR;`
`91`	`88`	`}`
`92`	`89`	`}`
`93`	`90`
	`91`	`+ FreeFile(pw_file);`
	`92`	`+`
`94`	`93`	`snprintf(PQerrormsg, PQERRORMSG_LENGTH,`
`95`	`94`	`"verify_password: user '%s' not found in password file.\n",`
`96`	`95`	`user);`
`97`	`96`	`fputs(PQerrormsg, stderr);`
`98`	`97`	`pqdebug("%s", PQerrormsg);`
`99`	`98`
`100`		`- pfree(pw_file_fullname);`
`101`		`-`
`102`	`99`	`return STATUS_ERROR;`
`103`	`100`	`}`