Fix memory leak in libpq when using sslmode=verify-full

Checking if Subject Alternative Names (SANs) from a certificate match with the hostname connected to leaked memory after each lookup done. This is broken since acd08d7 that added support for SANs in SSL certificates, so backpatch down to 9.5. Author: Roman Peshkurov Reviewed-by: Hamid Akhtar, Michael Paquier, David Steele Discussion: https://postgr.es/m/CALLDf-pZ-E3mjxd5=bnHsDu9zHEOnpgPgdnO84E2RuwMCjjyPw@mail.gmail.com Backpatch-through: 9.5
author: Michael Paquier <michael@paquier.xyz> 2020-04-22 07:27:45 +0900
committer: Michael Paquier <michael@paquier.xyz> 2020-04-22 07:27:45 +0900
commit: e1c08722ae0219634147f8a05876a5ef0df9be93 (patch)
tree: b3423f32d3e7dee147d75cfecf668ba655c65b8a /src/interfaces/libpq/fe-secure-openssl.c
parent: cda02408f20dda90dfe4eb8b6a1adf053afe7446 (diff)
download: postgresql-e1c08722ae0219634147f8a05876a5ef0df9be93.tar.gz
postgresql-e1c08722ae0219634147f8a05876a5ef0df9be93.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index c8b8d070395..073335fdfd5 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -550,7 +550,7 @@ pgtls_verify_peer_name_matches_certificate_guts(PGconn *conn,
 			if (rc != 0)
 				break;
 		}
-		sk_GENERAL_NAME_free(peer_san);
+		sk_GENERAL_NAME_pop_free(peer_san, GENERAL_NAME_free);
 	}
 
 	/*
author	Michael Paquier <michael@paquier.xyz>	2020-04-22 07:27:45 +0900
committer	Michael Paquier <michael@paquier.xyz>	2020-04-22 07:27:45 +0900
commit	e1c08722ae0219634147f8a05876a5ef0df9be93 (patch)
tree	b3423f32d3e7dee147d75cfecf668ba655c65b8a /src/interfaces/libpq/fe-secure-openssl.c
parent	cda02408f20dda90dfe4eb8b6a1adf053afe7446 (diff)
download	postgresql-e1c08722ae0219634147f8a05876a5ef0df9be93.tar.gz postgresql-e1c08722ae0219634147f8a05876a5ef0df9be93.zip