Re: BUG #16160: Minor memory leak in case of starting postgres server with SSL encryption
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: duspensky@ya.ru, pgsql-bugs@lists.postgresql.org
Date: 2019-12-13T06:39:15Z
Lists: pgsql-bugs
Attachments
- bessl-dh-free.patch (text/x-diff) patch
On Wed, Dec 11, 2019 at 04:22:03PM +0000, PG Bug reporting form wrote: > According to the following information > > https://wiki.openssl.org/index.php/Diffie-Hellman_parameters > > DH_free function must be called after SSL_CTX_set_tmp_dh That's not directly mentioned on their docs actually: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_tmp_dh.html But it seems to me that you are right. If I look at the OpenSSL code, ssl3_ctrl() does a DH_free() on error when going though SSL_CTRL_SET_TMP_DH, and the code copies the DH directly using DHparams_dup() so we don't need to keep any reference to it in our code. One more disturbing issue is that we can would accumulate garbage if we keep reloading the SSL context in the postmaster. For this reason, it could justify a backpatch down to the point where SSL parameters are reloadable. On the other hand, the leak is small, so my take is actually to just fix HEAD and call it a day. Attached is a patch, I'll go commit that if there are no objections. The DH handling does not really change regarding the way it gets free'd or not down to 0.9.8. -- Michael
Commits
-
Fix memory leak when rejecting bogus DH parameters.
- ad6c19066d93 10.17 landed
- 8c830148d2d4 11.12 landed
- 2f31414f4322 12.7 landed
- 4b41f6923458 13.3 landed
- e835e89a0fd2 14.0 landed
-
Fix memory leak when initializing DH parameters in backend
- c49e287a8e4d 11.12 landed
- 992cba94d38e 12.7 landed
- 7d9629ed2f69 10.17 landed
- e0e569e1d192 13.0 landed
-
Avoid corner-case memory leak in SSL parameter processing.
- 4b12ab18c9d0 14.0 landed
- a2764d87df04 11.12 landed
- 7ce7f2b79890 10.17 landed
- 6e34755560aa 12.7 landed
- 4d072bf2a031 13.3 landed