From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
---|---|
To: | Aleksander Alekseev <a(dot)alekseev(at)postgrespro(dot)ru> |
Cc: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: SCRAM authentication, take three |
Date: | 2017-02-21 00:53:57 |
Message-ID: | CAB7nPqS1Kk0G1E+EJEEaLEWqVNt66ER_-YZQsWk=E_m=OMe44g@mail.gmail.com |
Lists: | pgsql-hackers |
On Mon, Feb 20, 2017 at 9:41 PM, Aleksander Alekseev
<a(dot)alekseev(at)postgrespro(dot)ru> wrote:
>> Speaking about flaws, it looks like there is a memory leak in
>> array_to_utf procedure - result is allocated twice.

Pushed a fix for this one on my branch.

> And a few more things I've noticed after a closer look:
>
> * build_client_first_message does not free `state->client_nonce` if
> second malloc (for `buf`) fails
> * same for `state->client_first_message_bare`
> * ... and most other procedures declared in fe-auth-scram.c file
> (see malloc and strdup calls)

You are visibly missing pg_fe_scram_free().

> * scram_Normalize doesn't check malloc return value

Yes, I am aware of this one. This makes the interface utterly ugly
though because an error log message needs to be handled across many
API layers. We could just assume anything returning NULL is equivalent
to an OOM and nothing else though.
--
Michael
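
The ownership pattern discussed in this message, as an added example that is not part of the original e-mail and is not PostgreSQL's code: fields stored in the state are released by one cleanup routine even when a later allocation fails, and a NULL return means out-of-memory only. All `demo_*` names, the failure-injection hook and the sample message string are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for the client SCRAM state (not PostgreSQL's struct). */
typedef struct { char *client_nonce; char *client_first_message_bare; } demo_state;
static int demo_fail_at; /* fail the Nth allocation from now; 0 = never */
static int demo_live;    /* outstanding allocations, for leak checks */

static void *demo_alloc(size_t n) {
    /* Simulated OOM on the chosen call, otherwise a zeroed allocation. */
    void *p = (demo_fail_at > 0 && --demo_fail_at == 0) ? NULL : calloc(1, n);
    if (p) demo_live++;
    return p;
}
static void demo_release(void *p) { if (p) { free(p); demo_live--; } }

/* One cleanup routine owns every state field; safe on half-built state. */
static void demo_state_free(demo_state *st) {
    if (!st) return;
    demo_release(st->client_nonce);
    demo_release(st->client_first_message_bare);
    demo_release(st);
}

/* NULL means out-of-memory and nothing else. State fields are left for
 * demo_state_free(); only the local buffer is released here. */
static char *demo_build_first(demo_state *st, const char *nonce) {
    size_t len = strlen(nonce) + sizeof("n,,n=,r=");
    char *buf;
    if (!(st->client_nonce = demo_alloc(strlen(nonce) + 1))) return NULL;
    strcpy(st->client_nonce, nonce);
    if (!(buf = demo_alloc(len))) return NULL;  /* nonce stays owned by st */
    snprintf(buf, len, "n,,n=,r=%s", nonce);    /* constructed sample message */
    st->client_first_message_bare = demo_alloc(len - 3);
    if (!st->client_first_message_bare) { demo_release(buf); return NULL; }
    strcpy(st->client_first_message_bare, buf + 3);
    return buf;
}

/* One attempt with the Nth allocation failing; returns allocations leaked. */
static int demo_attempt(int fail_at) {
    demo_state *st;
    demo_live = 0; demo_fail_at = fail_at;
    st = demo_alloc(sizeof(*st));
    demo_release(st ? demo_build_first(st, "constructed-nonce") : NULL);
    demo_state_free(st);
    return demo_live;
}
int main(void) {
    for (int i = 0; i <= 4; i++) printf("fail_at=%d leaked=%d\n", i, demo_attempt(i));
    return 0;
}
```

Every failure point reports zero leaked allocations because the caller always runs the cleanup routine, whether or not the build step succeeded.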