Possible memory leak in pgcrypto with EVP_MD_CTX

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-10-15T07:22:12Z
Lists: pgsql-hackers

Attachments

Hi all,

It happens that pgcrypto has the following leak if a digest cannot be
initialized:
--- a/contrib/pgcrypto/openssl.c
+++ b/contrib/pgcrypto/openssl.c
@@ -202,6 +202,7 @@ px_find_digest(const char *name, PX_MD **res)
    }
    if (EVP_DigestInit_ex(ctx, md, NULL) == 0)
    {
+       EVP_MD_CTX_destroy(ctx);
        pfree(digest);
        return -1;
    }

That's a bit annoying, because this memory is allocated directly by
OpenSSL, and Postgres does not know how to free it until it gets
registered in the list of open_digests that would be used by the
cleanup callback, so I think that we had better back-patch this fix.

Thoughts?
--
Michael

Commits

  1. Fix potential memory leak in pgcrypto