From 0186ded5460c4868db8c5f98ab17287c15fedd7e Mon Sep 17 00:00:00 2001
From: Heikki Linnakangas <heikki.linnakangas@iki.fi>
Date: Sun, 7 May 2017 19:58:21 +0300
Subject: [PATCH] Fix memory leaks if random salt generation fails.

In the backend, this is just to silence coverity warnings, but in the
frontend, it's a genuine leak, even if extremely rare.

Spotted by Coverity, patch by Michael Paquier.
---
 src/backend/libpq/auth-scram.c       | 2 ++
 src/interfaces/libpq/fe-auth-scram.c | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c
index 8b3da736b1a..3acc2acfe41 100644
--- a/src/backend/libpq/auth-scram.c
+++ b/src/backend/libpq/auth-scram.c
@@ -411,6 +411,8 @@ pg_be_scram_build_verifier(const char *password)
 		ereport(LOG,
 				(errcode(ERRCODE_INTERNAL_ERROR),
 				 errmsg("could not generate random salt")));
+		if (prep_password)
+			pfree(prep_password);
 		return NULL;
 	}
 
diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c
index 4598774a963..d8a5bbc712a 100644
--- a/src/interfaces/libpq/fe-auth-scram.c
+++ b/src/interfaces/libpq/fe-auth-scram.c
@@ -638,7 +638,11 @@ pg_fe_scram_build_verifier(const char *password)
 
 	/* Generate a random salt */
 	if (!pg_frontend_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
+	{
+		if (prep_password)
+			free(prep_password);
 		return NULL;
+	}
 
 	result = scram_build_verifier(saltbuf, SCRAM_DEFAULT_SALT_LEN,
 								  SCRAM_DEFAULT_ITERATIONS, password);