Tom Lane wrote:
Since both allocations are only transient within this routine, there's
a simpler more effective solution, which is to only do one malloc in
the first place


Yeah, true. Attached is a revised patch -- committed to HEAD.

-Neil
Index: src/interfaces/libpq/fe-auth.c
===================================================================
RCS file: /var/lib/cvs/pgsql/src/interfaces/libpq/fe-auth.c,v
retrieving revision 1.102
diff -c -r1.102 fe-auth.c
*** src/interfaces/libpq/fe-auth.c	27 Jun 2005 02:04:26 -0000	1.102
--- src/interfaces/libpq/fe-auth.c	30 Jun 2005 01:55:35 -0000
***************
*** 407,433 ****
  			{
  				char	   *crypt_pwd2;
  
! 				if (!(crypt_pwd = malloc(MD5_PASSWD_LEN + 1)) ||
! 					!(crypt_pwd2 = malloc(MD5_PASSWD_LEN + 1)))
  				{
  					fprintf(stderr, libpq_gettext("out of memory\n"));
  					return STATUS_ERROR;
  				}
  				if (!EncryptMD5(password, conn->pguser,
  								strlen(conn->pguser), crypt_pwd2))
  				{
  					free(crypt_pwd);
- 					free(crypt_pwd2);
  					return STATUS_ERROR;
  				}
  				if (!EncryptMD5(crypt_pwd2 + strlen("md5"), conn->md5Salt,
  								sizeof(conn->md5Salt), crypt_pwd))
  				{
  					free(crypt_pwd);
- 					free(crypt_pwd2);
  					return STATUS_ERROR;
  				}
- 				free(crypt_pwd2);
  				break;
  			}
  		case AUTH_REQ_CRYPT:
--- 407,433 ----
  			{
  				char	   *crypt_pwd2;
  
! 				/* Allocate enough space for two MD5 hashes */
! 				crypt_pwd = malloc(2 * (MD5_PASSWD_LEN + 1));
! 				if (!crypt_pwd)
  				{
  					fprintf(stderr, libpq_gettext("out of memory\n"));
  					return STATUS_ERROR;
  				}
+ 
+ 				crypt_pwd2 = crypt_pwd + MD5_PASSWD_LEN + 1;
  				if (!EncryptMD5(password, conn->pguser,
  								strlen(conn->pguser), crypt_pwd2))
  				{
  					free(crypt_pwd);
  					return STATUS_ERROR;
  				}
  				if (!EncryptMD5(crypt_pwd2 + strlen("md5"), conn->md5Salt,
  								sizeof(conn->md5Salt), crypt_pwd))
  				{
  					free(crypt_pwd);
  					return STATUS_ERROR;
  				}
  				break;
  			}
  		case AUTH_REQ_CRYPT:
---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
    (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])

Reply via email to