Introduced in commit c3afe8cf5a. Someone issuing repeated "CREATE SUBSCRIPTION" commands where the connection has no password and must_have_password is true will leak malloc'd memory in the error path. Minor issue in practice, because I suspect that a user privileged enough to create a subscription could cause bigger problems.
It makes me wonder if we should use the resowner mechanism to track pointers to malloc'd memory. Then we could use a standard pattern for these kinds of cases, and it would also catch more remote issues, like if a pstrdup() fails in an error path (which can happen a few lines up if the parse fails). Patch attached; intended for 16 and 17. Regards, Jeff Davis
From cbce9f5a6d1f7a7ce19473c45ac4cc74bca49c0e Mon Sep 17 00:00:00 2001 From: Jeff Davis <j...@j-davis.com> Date: Fri, 12 Jan 2024 14:39:05 -0800 Subject: [PATCH] Fix memory leak in connection string validation. Introduced in commit c3afe8cf5a. Backpatch-through: 16 --- src/backend/replication/libpqwalreceiver/libpqwalreceiver.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c index ead30f87c9..201c36cb22 100644 --- a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c +++ b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c @@ -284,10 +284,15 @@ libpqrcv_check_conninfo(const char *conninfo, bool must_use_password) } if (!uses_password) + { + /* malloc'd, so we must free it explicitly */ + PQconninfoFree(opts); + ereport(ERROR, (errcode(ERRCODE_S_R_E_PROHIBITED_SQL_STATEMENT_ATTEMPTED), errmsg("password is required"), errdetail("Non-superusers must provide a password in the connection string."))); + } } PQconninfoFree(opts); -- 2.34.1