Re: OpenSSL 1.1 breaks configure and more
Andreas Karlsson <andreas@proxel.se>
From: Andreas Karlsson <andreas@proxel.se>
To: Heikki Linnakangas <hlinnaka@iki.fi>, Victor Wagner <vitus@wagner.pp.ru>,
pgsql-hackers@postgresql.org, Christoph Berg <myon@debian.org>,
Tom Lane <tgl@sss.pgh.pa.us>
Date: 2016-08-30T00:26:56Z
Lists: pgsql-hackers
Attachments
- 0001-Fixes-for-compiling-with-OpenSSL-1.1-v4.patch (text/x-patch)
On 08/26/2016 11:31 AM, Heikki Linnakangas wrote: > On 07/05/2016 04:46 PM, Andreas Karlsson wrote: >> @@ -280,8 +287,9 @@ px_find_digest(const char *name, PX_MD **res) >> digest = px_alloc(sizeof(*digest)); >> digest->algo = md; >> >> - EVP_MD_CTX_init(&digest->ctx); >> - if (EVP_DigestInit_ex(&digest->ctx, digest->algo, NULL) == 0) >> + digest->ctx = EVP_MD_CTX_create(); >> + EVP_MD_CTX_init(digest->ctx); >> + if (EVP_DigestInit_ex(digest->ctx, digest->algo, NULL) == 0) >> return -1; >> >> h = px_alloc(sizeof(*h)); > > Now that we're calling EVP_MD_CTX_create((), which allocates memory, are > we risking memory leaks? It has always been part of the contract that > you have to call px_md_free(), for any context returned by > px_find_digest(), but I wonder just how careful we have been about that. > Before this, you would probably get away with it without leaking, if the > digest implementation didn't allocate any extra memory or other resources. > > At least pg_digest and try_unix_std functions call px_find_digest(), and > then do more palloc()s which could elog() if you run out of memory, > leaking th digest struct. Highly unlikely, but I think it would be > fairly straightforward to reorder those calls to eliminate the risk, so > we probably should. Since px_find_digest() calls palloc() later in the function there is a slim possibility of memory leaks. How do we generally handle that things not allocated with palloc() may leak when something calls elog()? I have attached new versions of the patches which are rebased on master, with slightly improves error handling in px_find_digest(), and handles the deprecation of ASN1_STRING_data(). Andreas
Commits
-
Back-patch 9.4-era SSL renegotiation code into 9.3 and 9.2.
- fbfeceb25362 9.3.17 landed
- 58384149bdbd 9.2.21 landed