aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/backend/libpq/auth-scram.c4
-rw-r--r--src/common/saslprep.c11
-rw-r--r--src/interfaces/libpq/fe-auth-scram.c4
3 files changed, 12 insertions, 7 deletions
diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c
index 8fbad53fa82..e997c946001 100644
--- a/src/backend/libpq/auth-scram.c
+++ b/src/backend/libpq/auth-scram.c
@@ -453,7 +453,7 @@ pg_be_scram_exchange(void *opaq, char *input, int inputlen,
char *
pg_be_scram_build_verifier(const char *password)
{
- char *prep_password = NULL;
+ char *prep_password;
pg_saslprep_rc rc;
char saltbuf[SCRAM_DEFAULT_SALT_LEN];
char *result;
@@ -499,7 +499,7 @@ scram_verify_plain_password(const char *username, const char *password,
uint8 stored_key[SCRAM_KEY_LEN];
uint8 server_key[SCRAM_KEY_LEN];
uint8 computed_key[SCRAM_KEY_LEN];
- char *prep_password = NULL;
+ char *prep_password;
pg_saslprep_rc rc;
if (!parse_scram_verifier(verifier, &iterations, &encoded_salt,
diff --git a/src/common/saslprep.c b/src/common/saslprep.c
index 271021550ad..4cf574fed87 100644
--- a/src/common/saslprep.c
+++ b/src/common/saslprep.c
@@ -1081,6 +1081,9 @@ pg_saslprep(const char *input, char **output)
unsigned char *p;
pg_wchar *wp;
+ /* Ensure we return *output as NULL on failure */
+ *output = NULL;
+
/* Check that the password isn't stupendously long */
if (strlen(input) > MAX_PASSWORD_LENGTH)
{
@@ -1112,10 +1115,7 @@ pg_saslprep(const char *input, char **output)
*/
input_size = pg_utf8_string_len(input);
if (input_size < 0)
- {
- *output = NULL;
return SASLPREP_INVALID_UTF8;
- }
input_chars = ALLOC((input_size + 1) * sizeof(pg_wchar));
if (!input_chars)
@@ -1246,6 +1246,11 @@ pg_saslprep(const char *input, char **output)
result = ALLOC(result_size + 1);
if (!result)
goto oom;
+
+ /*
+ * There are no error exits below here, so the error exit paths don't need
+ * to worry about possibly freeing "result".
+ */
p = (unsigned char *) result;
for (wp = output_chars; *wp; wp++)
{
diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c
index 1d9c9371183..603ef4c0020 100644
--- a/src/interfaces/libpq/fe-auth-scram.c
+++ b/src/interfaces/libpq/fe-auth-scram.c
@@ -477,7 +477,7 @@ build_client_final_message(fe_scram_state *state)
printfPQExpBuffer(&conn->errorMessage,
"channel binding not supported by this build\n");
return NULL;
-#endif /* HAVE_PGTLS_GET_PEER_CERTIFICATE_HASH */
+#endif /* HAVE_PGTLS_GET_PEER_CERTIFICATE_HASH */
}
#ifdef HAVE_PGTLS_GET_PEER_CERTIFICATE_HASH
else if (conn->ssl_in_use)
@@ -747,7 +747,7 @@ verify_server_signature(fe_scram_state *state)
char *
pg_fe_scram_build_verifier(const char *password)
{
- char *prep_password = NULL;
+ char *prep_password;
pg_saslprep_rc rc;
char saltbuf[SCRAM_DEFAULT_SALT_LEN];
char *result;
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 16:05:54 +0000