Re: BUG #16160: Minor memory leak in case of starting postgres server with SSL encryption

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Andres Freund <andres@anarazel.de>
Cc: Jelte Fennema <postgres@jeltef.nl>, Michael Paquier <michael@paquier.xyz>, duspensky@ya.ru, pgsql-bugs@lists.postgresql.org
Date: 2021-03-16T18:03:34Z
Lists: pgsql-bugs
Andres Freund <andres@anarazel.de> writes:
> On 2021-03-16 12:31:17 -0400, Tom Lane wrote:
>> I'm wondering about that because I see some other stuff in be_tls_init()
>> that looks like it might get leaked, notably the root_cert_list read
>> from the ssl_ca_file.

> Given that we're careful to destroy the "temporary" ssl context in case
> of error, perhaps the best way to deal with root_cert_list being freed
> in case of error would be to assign it to the context as soon as its
> loaded?

Yeah, I came to the same conclusion downthread.  I'll go see about
making that happen.

			regards, tom lane



Commits

  1. Fix memory leak when rejecting bogus DH parameters.

  2. Fix memory leak when initializing DH parameters in backend

  3. Avoid corner-case memory leak in SSL parameter processing.