authorDaniel Gustafsson <dgustafsson@postgresql.org>2023-09-22 11:18:25 +0200
committerDaniel Gustafsson <dgustafsson@postgresql.org>2023-09-22 11:18:25 +0200
commitf720875a4670f94c6d8acd288a2a62c7cabb92dd (patch)
treeab1069c4078d97988107353ca8a721e3d60a7aa2
parent227c7cf15602fa21af7eea1bd11375b7572649e3 (diff)
Avoid potential pfree on NULL on OpenSSL errors
Guard against the pointer being NULL before pfreeing upon an error returned from OpenSSL. Also handle errors from X509_NAME_print_ex which also can return -1 on memory allocation errors. Backpatch down to v15 where the code was added. Author: Sergey Shinderuk <s.shinderuk@postgrespro.ru> Discussion: https://postgr.es/m/8db5374d-32e0-6abb-d402-40762511eff2@postgrespro.ru Backpatch-through: v15
-rw-r--r--src/backend/libpq/be-secure-openssl.c25
1 files changed, 17 insertions, 8 deletions
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index 05276ab95ce..e9c86d08df2 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -620,8 +620,11 @@ aloop:
bio = BIO_new(BIO_s_mem());
if (!bio)
{
- pfree(port->peer_cn);
- port->peer_cn = NULL;
+ if (port->peer_cn != NULL)
+ {
+ pfree(port->peer_cn);
+ port->peer_cn = NULL;
+ }
return -1;
}
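Review bot: The `if (!bio)` failure path returns -1 without reporting anything, and the same holds for the X509_NAME_print_ex / BIO_get_mem_ptr failure path in the next hunk, whereas the embedded-null path in the third hunk does call ereport. Unless the caller logs on this return value (not visible here), a TLS handshake that fails for lack of memory leaves no trace in the server log and is hard to tell apart from a misbehaving client. Consider adding `ereport(COMMERROR, (errcode(ERRCODE_OUT_OF_MEMORY), errmsg("out of memory")));` before `return -1;` in both places, adjusting the message if OpenSSL can fail there for other reasons. The enclosing function starts and ends outside the hunk.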
@@ -632,12 +635,15 @@ aloop:
* which make regular expression matching a bit easier. Also note that
* it prints the Subject fields in reverse order.
*/
- X509_NAME_print_ex(bio, x509name, 0, XN_FLAG_RFC2253);
- if (BIO_get_mem_ptr(bio, &bio_buf) <= 0)
+ if (X509_NAME_print_ex(bio, x509name, 0, XN_FLAG_RFC2253) == -1 ||
+ BIO_get_mem_ptr(bio, &bio_buf) <= 0)
{
BIO_free(bio);
- pfree(port->peer_cn);
- port->peer_cn = NULL;
+ if (port->peer_cn != NULL)
+ {
+ pfree(port->peer_cn);
+ port->peer_cn = NULL;
+ }
return -1;
}
peer_dn = MemoryContextAlloc(TopMemoryContext, bio_buf->length + 1);
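Review bot: The `== -1` comparison on X509_NAME_print_ex should carry a one-line comment, because many OpenSSL calls report failure with 0 and a later reader may be tempted to change the test. Per the OpenSSL documentation the function returns -1 on error only when XN_FLAG_COMPAT is not set, which is the case with XN_FLAG_RFC2253 here; other return values indicate success. Suggested comment directly above the condition: `/* without XN_FLAG_COMPAT, X509_NAME_print_ex returns -1 on error */`. The comment block above the call and the enclosing function both begin outside the hunk.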
@@ -651,8 +657,11 @@ aloop:
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL certificate's distinguished name contains embedded null")));
pfree(peer_dn);
- pfree(port->peer_cn);
- port->peer_cn = NULL;
+ if (port->peer_cn != NULL)
+ {
+ pfree(port->peer_cn);
+ port->peer_cn = NULL;
+ }
return -1;
}