Re: freeing LDAPMessage in CheckLDAPAuth
On Mon, Sep 05, 2022 at 02:50:09AM -0700, Zhihong Yu wrote: > Here is patch v4. FWIW, I am fine with what you are basically doing with v4, so I'd like to apply that on HEAD on the basis of consistency with libpq. As Tom said, this authentication path will fail, but I'd like to think that this is a good practice anyway. I'll wait a few days first, in case others have comments. -- Michael signature.asc Description: PGP signature
Re: freeing LDAPMessage in CheckLDAPAuth
On Sun, Sep 4, 2022 at 10:37 PM Michael Paquier wrote: > On Sun, Sep 04, 2022 at 06:52:37AM -0700, Zhihong Yu wrote: > > Please take a look at patch v3. > > Fine as far as it goes. I would have put the initialization of > search_message closer to ldap_search_s() for consistency with libpq. > That's what we do with ldap_search_st(). > -- > Michael > Hi, Here is patch v4. v4-ldap-msg-free.patch Description: Binary data
Re: freeing LDAPMessage in CheckLDAPAuth
On Sun, Sep 04, 2022 at 06:52:37AM -0700, Zhihong Yu wrote: > Please take a look at patch v3. Fine as far as it goes. I would have put the initialization of search_message closer to ldap_search_s() for consistency with libpq. That's what we do with ldap_search_st(). -- Michael signature.asc Description: PGP signature
Re: freeing LDAPMessage in CheckLDAPAuth
On Sun, Sep 4, 2022 at 3:58 AM Zhihong Yu wrote: > > > On Sun, Sep 4, 2022 at 12:25 AM Michael Paquier > wrote: > >> On Sun, Sep 04, 2022 at 01:52:10AM -0400, Tom Lane wrote: >> > I can't get too excited about this. All of the error exit paths in >> > backend authentication code will lead immediately to process exit, so >> > the possibility of some memory being leaked really has no consequences >> > worth worrying about. If we *were* worried about it, sprinkling a few >> > more ldap_msgfree() calls into the existing code would hardly make it >> > more bulletproof. >> >> Even if this is not critical in the backend for this authentication >> path, I'd like to think that it is still a good practice for future >> code so as anything code-pasted around would get the call. So I see >> no reason to not put smth on HEAD at least. >> > Hi, > Here is updated patch as you suggested in your previous email. > > Thanks > Hi, Please take a look at patch v3. Thanks v3-ldap-msg-free.patch Description: Binary data
Re: freeing LDAPMessage in CheckLDAPAuth
On Sun, Sep 4, 2022 at 12:25 AM Michael Paquier wrote: > On Sun, Sep 04, 2022 at 01:52:10AM -0400, Tom Lane wrote: > > I can't get too excited about this. All of the error exit paths in > > backend authentication code will lead immediately to process exit, so > > the possibility of some memory being leaked really has no consequences > > worth worrying about. If we *were* worried about it, sprinkling a few > > more ldap_msgfree() calls into the existing code would hardly make it > > more bulletproof. > > Even if this is not critical in the backend for this authentication > path, I'd like to think that it is still a good practice for future > code so as anything code-pasted around would get the call. So I see > no reason to not put smth on HEAD at least. > Hi, Here is updated patch as you suggested in your previous email. Thanks v2-ldap-msg-free.patch Description: Binary data
Re: freeing LDAPMessage in CheckLDAPAuth
On Sun, Sep 04, 2022 at 01:52:10AM -0400, Tom Lane wrote: > I can't get too excited about this. All of the error exit paths in > backend authentication code will lead immediately to process exit, so > the possibility of some memory being leaked really has no consequences > worth worrying about. If we *were* worried about it, sprinkling a few > more ldap_msgfree() calls into the existing code would hardly make it > more bulletproof. Even if this is not critical in the backend for this authentication path, I'd like to think that it is still a good practice for future code so as anything code-pasted around would get the call. So I see no reason to not put smth on HEAD at least. > There's lots of psprintf() and other > Postgres-universe calls in that code that could potentially fail and > force an elog exit without reaching ldap_msgfree. So if you wanted to > make this completely clean you'd need to resort to doing the freeing > in PG_CATCH blocks ... and I don't see any value in hacking it to that > extent. Agreed. I cannot get excited about going down to that in this case. > What might be worth inspecting is the code paths in frontend libpq > that call ldap_msgfree(), because on the client side we don't get to > assume that an error will lead to immediate process exit. If we've > missed any cleanups over there, that *would* be worth fixing. FWIW, I have looked at the frontend while writing my previous message and did not notice anything. -- Michael signature.asc Description: PGP signature
Re: freeing LDAPMessage in CheckLDAPAuth
Michael Paquier writes: > On Sat, Sep 03, 2022 at 05:00:30PM -0700, Zhihong Yu wrote: >> Please see the attached patch which frees the search_message in the above >> case. > Yep, nice catch, I am reading the same thing as you do. I can see > that we already do that after a failing ldap_search_st() call in > fe-connect.c for libpq. Hence, similarly, we'd better call > ldap_msgfree() on search_message when it is not NULL after a search > failure, no? The patch you are proposing does not do that. I can't get too excited about this. All of the error exit paths in backend authentication code will lead immediately to process exit, so the possibility of some memory being leaked really has no consequences worth worrying about. If we *were* worried about it, sprinkling a few more ldap_msgfree() calls into the existing code would hardly make it more bulletproof. There's lots of psprintf() and other Postgres-universe calls in that code that could potentially fail and force an elog exit without reaching ldap_msgfree. So if you wanted to make this completely clean you'd need to resort to doing the freeing in PG_CATCH blocks ... and I don't see any value in hacking it to that extent. What might be worth inspecting is the code paths in frontend libpq that call ldap_msgfree(), because on the client side we don't get to assume that an error will lead to immediate process exit. If we've missed any cleanups over there, that *would* be worth fixing. regards, tom lane
Re: freeing LDAPMessage in CheckLDAPAuth
On Sat, Sep 03, 2022 at 05:00:30PM -0700, Zhihong Yu wrote: >Note that *res* parameter of *ldap*_*search*_*ext*_*s()* > and *ldap*_*search*_*s()* >should be freed with *ldap*_*msgfree()* regardless of return > value of these >functions. > > Please see the attached patch which frees the search_message in the above > case. Yep, nice catch, I am reading the same thing as you do. I can see that we already do that after a failing ldap_search_st() call in fe-connect.c for libpq. Hence, similarly, we'd better call ldap_msgfree() on search_message when it is not NULL after a search failure, no? The patch you are proposing does not do that. -- Michael signature.asc Description: PGP signature
