diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2021-03-20 12:38:22 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2021-03-20 12:38:22 -0400 |
| commit | c49e287a8e4dbc3013a56f88793638f79a6ef099 (patch) | |
| tree | cd8be81520e9131b81c83e7e66e01cde2895ab07 /src | |
| parent | 20f11ca0dbc2bd99de9c4866eec6722b8202e422 (diff) | |
| download | postgresql-c49e287a8e4dbc3013a56f88793638f79a6ef099.tar.gz postgresql-c49e287a8e4dbc3013a56f88793638f79a6ef099.zip | |
Fix memory leak when initializing DH parameters in backend
When loading DH parameters used for the generation of ephemeral DH keys
in the backend, the code has never bothered releasing the memory used
for the DH information loaded from a file or from libpq's default. This
commit makes sure that the information is properly free()'d.
Back-patch of e0e569e1d. We originally thought the leak was minor and
not worth back-patching, but Jelte Fennema pointed out that repeated
SIGHUP's can result in very serious bloat of the postmaster, which is
then multiplied by being duplicated into eadh forked child.
Back-patch to v10; the code looked different before c0a15e07c,
and didn't have a leak in the actually-live code paths.
Michael Paquier
Discussion: https://postgr.es/m/16160-18367e56e9a28264@postgresql.org
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/libpq/be-secure-openssl.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c index e987c436476..cdd8021bc8a 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -993,8 +993,11 @@ initialize_dh(SSL_CTX *context, bool isServerStart) (errcode(ERRCODE_CONFIG_FILE_ERROR), (errmsg("DH: could not set DH parameters: %s", SSLerrmessage(ERR_get_error()))))); + DH_free(dh); return false; } + + DH_free(dh); return true; } |