diff options
| author | Michael Paquier <michael@paquier.xyz> | 2020-04-22 07:27:49 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2020-04-22 07:27:49 +0900 |
| commit | 35d08658d1cccc3f3c248dfc211bdff96fddfead (patch) | |
| tree | 9da4e674b055b52f04ac91bceb2cbdbe9c681ea9 /src | |
| parent | 97dcd5cd1500184903ae66ea9629efb04e4da0b9 (diff) | |
| download | postgresql-35d08658d1cccc3f3c248dfc211bdff96fddfead.tar.gz postgresql-35d08658d1cccc3f3c248dfc211bdff96fddfead.zip | |
Fix memory leak in libpq when using sslmode=verify-full
Checking if Subject Alternative Names (SANs) from a certificate match
with the hostname connected to leaked memory after each lookup done.
This is broken since acd08d7 that added support for SANs in SSL
certificates, so backpatch down to 9.5.
Author: Roman Peshkurov
Reviewed-by: Hamid Akhtar, Michael Paquier, David Steele
Discussion: https://postgr.es/m/CALLDf-pZ-E3mjxd5=bnHsDu9zHEOnpgPgdnO84E2RuwMCjjyPw@mail.gmail.com
Backpatch-through: 9.5
Diffstat (limited to 'src')
| -rw-r--r-- | src/interfaces/libpq/fe-secure-openssl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index 766d4a0b2ce..66d50a959b6 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -550,7 +550,7 @@ pgtls_verify_peer_name_matches_certificate_guts(PGconn *conn, if (rc != 0) break; } - sk_GENERAL_NAME_free(peer_san); + sk_GENERAL_NAME_pop_free(peer_san, GENERAL_NAME_free); } /* |