From 987717d7c7007055ff7fc2ecf3d40e9bdb00e071 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Tue, 5 May 2020 13:10:09 -0400 Subject: Fix severe memory leaks in GSSAPI encryption support. Both the backend and libpq leaked buffers containing encrypted data to be transmitted, so that the process size would grow roughly as the total amount of data sent. There were also far-less-critical leaks of the same sort in GSSAPI session establishment. Oversight in commit b0b39f72b, which I failed to notice while reviewing the code in 2c0cdc818. Per complaint from pmc@citylink. Back-patch to v12 where this code was introduced. Discussion: https://postgr.es/m/20200504115649.GA77072@gate.oper.dinoex.org --- src/backend/libpq/be-secure-gssapi.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src/backend/libpq/be-secure-gssapi.c') diff --git a/src/backend/libpq/be-secure-gssapi.c b/src/backend/libpq/be-secure-gssapi.c index d248d113fcc..d565f92a210 100644 --- a/src/backend/libpq/be-secure-gssapi.c +++ b/src/backend/libpq/be-secure-gssapi.c @@ -215,6 +215,9 @@ be_gssapi_write(Port *port, void *ptr, size_t len) memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length); PqGSSSendLength += output.length; + + /* Release buffer storage allocated by GSSAPI */ + gss_release_buffer(&minor, &output); } /* If we get here, our counters should all match up. */ @@ -371,6 +374,7 @@ be_gssapi_read(Port *port, void *ptr, size_t len) /* Our receive buffer is now empty, reset it */ PqGSSRecvLength = 0; + /* Release buffer storage allocated by GSSAPI */ gss_release_buffer(&minor, &output); } @@ -590,7 +594,10 @@ secure_open_gssapi(Port *port) */ if (ret < 0 && !(errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)) + { + gss_release_buffer(&minor, &output); return -1; + } /* Wait and retry if we couldn't write yet */ if (ret <= 0) -- cgit v1.2.3