From: Tom Lane Date: Sun, 26 Mar 2017 21:02:38 +0000 (-0400) Subject: Fix some minor resource leaks in PerformRadiusTransaction(). X-Git-Tag: REL_10_BETA1~498 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7cbd944662854a0a5264895bcba3ce7f9bfd1c1f;p=thirdparty%2Fpostgresql.git Fix some minor resource leaks in PerformRadiusTransaction(). Failure to free serveraddrs pointed out by Coverity, failure to close socket noted by code-reading. These bugs seem to be quite old, but given the low probability of taking these error-exit paths and the minimal consequences of the leaks (since the process would presumably exit shortly anyway), it doesn't seem worth back-patching. Michael Paquier and Tom Lane --- diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 5f4f55760c1..8f77deae6ce 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -2793,6 +2793,7 @@ PerformRadiusTransaction(char *server, char *secret, char *portstr, char *identi { ereport(LOG, (errmsg("could not generate random encryption vector"))); + pg_freeaddrinfo_all(hint.ai_family, serveraddrs); return STATUS_ERROR; } packet->id = packet->vector[0]; @@ -2827,6 +2828,7 @@ PerformRadiusTransaction(char *server, char *secret, char *portstr, char *identi ereport(LOG, (errmsg("could not perform MD5 encryption of password"))); pfree(cryptvector); + pg_freeaddrinfo_all(hint.ai_family, serveraddrs); return STATUS_ERROR; } @@ -2842,7 +2844,7 @@ PerformRadiusTransaction(char *server, char *secret, char *portstr, char *identi radius_add_attribute(packet, RADIUS_PASSWORD, encryptedpassword, encryptedpasswordlen); - /* Length need to be in network order on the wire */ + /* Length needs to be in network order on the wire */ packetlength = packet->length; packet->length = htons(packet->length); @@ -2868,6 +2870,7 @@ PerformRadiusTransaction(char *server, char *secret, char *portstr, char *identi localaddr.sin_addr.s_addr = INADDR_ANY; addrsize = sizeof(struct sockaddr_in); #endif + if (bind(sock, (struct sockaddr *) & localaddr, addrsize)) { ereport(LOG, @@ -2964,6 +2967,7 @@ PerformRadiusTransaction(char *server, char *secret, char *portstr, char *identi { ereport(LOG, (errmsg("could not read RADIUS response: %m"))); + closesocket(sock); return STATUS_ERROR; }