Re: passwords in pg_shadow (duplicate).

You were looking at last night's patch. The one attached is the one
applied, and it addresses exactly the ugly issue you saw. It compares
to see if pgpass was reassigned with new memory, and frees only in that
case.

Also, in CVS HEAD, the variables are renamed client_pass and shadow_pass
so it is clear which is which.

---------------------------------------------------------------------------

Tom Lane wrote:
> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > Good catch. Seems like a bug. I assumed we still want to support
> > 'password' even though pg_shadow contains MD5 encrypted passwords. Is
> > that correct? (We can't support crypt in those cases.)
>
> I think we should fix this for 7.3.1.
>
> > if (port->auth_method == uaMD5)
> > pfree(crypt_pwd);
> > + if (port->auth_method != uaMD5 && port->auth_method != uaCrypt &&
> > + isMD5(passwd))
> > + pfree((char *)pgpass);
>
> This part of your patch seems awfully fragile though. Better style
> would be to add a boolean:
>
> bool free_pgpass = false;
>
> ...
> {
> palloc pgpass here;
> free_pgpass = true;
> }
>
> if (free_pgpass)
> free(pg_pass);
>
> This is less fragile and easily extends to more cases that palloc
> pg_pass in future.
>
> regards, tom lane
>

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073