diff options
| author | Alvaro Herrera <alvherre@alvh.no-ip.org> | 2015-09-07 19:18:29 -0300 |
|---|---|---|
| committer | Alvaro Herrera <alvherre@alvh.no-ip.org> | 2015-09-07 19:18:29 -0300 |
| commit | 8582cf1eb49d9b857f2397aa924e76ed5484cf43 (patch) | |
| tree | edb9c578135a28a03ed9d0384d22cc5ddc7866bb | |
| parent | 0198a8d82a16ccffefbc692278eccba85f41c381 (diff) | |
| download | postgresql-8582cf1eb49d9b857f2397aa924e76ed5484cf43.tar.gz postgresql-8582cf1eb49d9b857f2397aa924e76ed5484cf43.zip | |
Add more sanity checks in contrib/sslinfo
We were missing a few return checks on OpenSSL calls. Should be pretty
harmless, since we haven't seen any user reports about problems, and
this is not a high-traffic module anyway; still, a bug is a bug, so
backpatch this all the way back to 9.0.
Author: Michael Paquier, while reviewing another sslinfo patch
| -rw-r--r-- | contrib/sslinfo/sslinfo.c | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/contrib/sslinfo/sslinfo.c b/contrib/sslinfo/sslinfo.c index db491a4bc80..686d9a66d65 100644 --- a/contrib/sslinfo/sslinfo.c +++ b/contrib/sslinfo/sslinfo.c @@ -140,6 +140,10 @@ ASN1_STRING_to_text(ASN1_STRING *str) text *result; membuf = BIO_new(BIO_s_mem()); + if (membuf == NULL) + ereport(ERROR, + (errcode(ERRCODE_OUT_OF_MEMORY), + errmsg("failed to create OpenSSL BIO structure"))); (void) BIO_set_close(membuf, BIO_CLOSE); ASN1_STRING_print_ex(membuf, str, ((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB) @@ -152,7 +156,8 @@ ASN1_STRING_to_text(ASN1_STRING *str) result = cstring_to_text(dp); if (dp != sp) pfree(dp); - BIO_free(membuf); + if (BIO_free(membuf) != 1) + elog(ERROR, "failed to free OpenSSL BIO structure"); PG_RETURN_TEXT_P(result); } @@ -291,15 +296,28 @@ X509_NAME_to_text(X509_NAME *name) char *dp; text *result; + if (membuf == NULL) + ereport(ERROR, + (errcode(ERRCODE_OUT_OF_MEMORY), + errmsg("failed to create BIO"))); + (void) BIO_set_close(membuf, BIO_CLOSE); for (i = 0; i < count; i++) { e = X509_NAME_get_entry(name, i); nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e)); + if (nid == NID_undef) + ereport(ERROR, + (errcode(ERRCODE_INVALID_PARAMETER_VALUE), + errmsg("failed to get NID for ASN1_OBJECT object"))); v = X509_NAME_ENTRY_get_data(e); field_name = OBJ_nid2sn(nid); - if (!field_name) + if (field_name == NULL) field_name = OBJ_nid2ln(nid); + if (field_name == NULL) + ereport(ERROR, + (errcode(ERRCODE_INVALID_PARAMETER_VALUE), + errmsg("failed to convert NID %d to an ASN1_OBJECT structure", nid))); BIO_printf(membuf, "/%s=", field_name); ASN1_STRING_print_ex(membuf, v, ((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB) @@ -314,7 +332,8 @@ X509_NAME_to_text(X509_NAME *name) result = cstring_to_text(dp); if (dp != sp) pfree(dp); - BIO_free(membuf); + if (BIO_free(membuf) != 1) + elog(ERROR, "failed to free OpenSSL BIO structure"); PG_RETURN_TEXT_P(result); } |