Re: BUG #16160: Minor memory leak in case of starting postgres server with SSL encryption

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Jelte Fennema <postgres@jeltef.nl>
Cc: Michael Paquier <michael@paquier.xyz>, duspensky@ya.ru, pgsql-bugs@lists.postgresql.org
Date: 2021-03-16T16:31:17Z
Lists: pgsql-bugs
Jelte Fennema <postgres@jeltef.nl> writes:
> We ran into this memory leak on PG11 in production. The lea was determined
> to be the root cause of OOM errors we were seeing. There was a combination
> of a things that caused this leak to become serious enough for these OOM
> errors to happen:

I follow the argument that a leak in the postmaster's SIGHUP processing
could accumulate enough to be a problem.  However, how sure are you
really that this specific bug accounts for all of the leakage you saw?

I'm wondering about that because I see some other stuff in be_tls_init()
that looks like it might get leaked, notably the root_cert_list read
from the ssl_ca_file.  This code was originally meant to be run exactly
once at postmaster start, so it's not too surprising that it's not as
careful as it now needs to be.

			regards, tom lane



Commits

  1. Fix memory leak when rejecting bogus DH parameters.

  2. Fix memory leak when initializing DH parameters in backend

  3. Avoid corner-case memory leak in SSL parameter processing.