Home > mailing lists

BUG #19092: scram_free() will free on address which was not malloc()-ed in pg_scram_mech - Mailing list pgsql-bugs

From	PG Bug reporting form
Subject	BUG #19092: scram_free() will free on address which was not malloc()-ed in pg_scram_mech
Date	October 21 10:43:58
Msg-id	19092-b06adfd70ddcd2ab@postgresql.org Whole thread Raw
Responses	Re: BUG #19092: scram_free() will free on address which was not malloc()-ed in pg_scram_mech
List	pgsql-bugs

Tree view

The following bug has been logged on the website:

Bug reference:      19092
Logged by:          NJUEEXRM
Email address:      13952878799@163.com
PostgreSQL version: 17.0
Operating system:   MacOS 12.7.6
Description:

The issue is about the only implementation of pg_fe_sasl_mech interface:
pg_scram_mech. In the init func of pg_scram_mech, the variable
state->password is assigned by variable prep_password, which is prepared in
function pg_saslprep(). However, pg_saslprep() will use palloc/pfree or
malloc/free determined by FRONTEND marco。If we are in backend env，the
prep_password will be palloc-ed in CurrentMemoryContext. The problem is
state->password will be released by free() in the free func of
pg_scram_mech: scram_free, and will cause 'free on address which was not
malloc()-ed' error.
This issue occurred when I was attempting to make a connection to Backend
via libpq interfaces in Backend itself.

pgsql-bugs by date:

From: David Rowley
Date: 21 October, 10:05:09
Subject: Re: postgres access violation in pg_detoast_datum

From: Miroslav Pankov
Date: 21 October, 11:15:29
Subject: TLS verification to intermediate trust anchor with psql

BUG #19092: scram_free() will free on address which was not malloc()-ed in pg_scram_mech - Mailing list pgsql-bugs

Previous

Next