Re: Fix error handling in be_tls_open_server()
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Sergey Shinderuk <s.shinderuk@postgrespro.ru>
Cc: Michael Paquier <michael@paquier.xyz>,
Jacob Champion <jchampion@timescale.com>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2023-09-20T08:42:23Z
Lists: pgsql-hackers
Attachments
- v2-0001-Avoid-potential-pfree-on-NULL-on-OpenSSL-errors.patch (application/octet-stream) patch v2-0001
> On 19 Sep 2023, at 10:06, Sergey Shinderuk <s.shinderuk@postgrespro.ru> wrote: > > On 19.09.2023 03:54, Michael Paquier wrote: >> One doubt that I have is if we shouldn't let X509_NAME_print_ex() be >> as it is now, and not force a failure on the bio if this calls fails. > > If malloc fails inside X509_NAME_print_ex, then we will be left with empty port->peer_dn. Looking at the OpenSSL code, there a other (albeit esoteric) errors that return -1 as well. I agree that we should handle this error. X509_NAME_print_ex is not documented to return -1 in OpenSSL 1.0.2 but reading the code it's clear that it does, so checking for -1 is safe for all supported OpenSSL versions (supported by us that is). Attached is a v2 on top of HEAD with commit message etc, which I propose to backpatch to v15 where it was introduced. -- Daniel Gustafsson
Commits
-
Avoid potential pfree on NULL on OpenSSL errors
- f720875a4670 16.1 landed
- 9dc85806d8be 15.5 landed
- 5f3aa309a880 17.0 landed