Re: Fix error handling in be_tls_open_server()

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Sergey Shinderuk <s.shinderuk@postgrespro.ru>
Cc: Michael Paquier <michael@paquier.xyz>, Jacob Champion <jchampion@timescale.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2023-09-20T08:42:23Z
Lists: pgsql-hackers

Attachments

> On 19 Sep 2023, at 10:06, Sergey Shinderuk <s.shinderuk@postgrespro.ru> wrote:
> 
> On 19.09.2023 03:54, Michael Paquier wrote:
>> One doubt that I have is if we shouldn't let X509_NAME_print_ex() be
>> as it is now, and not force a failure on the bio if this calls fails.
> 
> If malloc fails inside X509_NAME_print_ex, then we will be left with empty port->peer_dn.

Looking at the OpenSSL code, there a other (albeit esoteric) errors that return
-1 as well.  I agree that we should handle this error.

X509_NAME_print_ex is not documented to return -1 in OpenSSL 1.0.2 but reading
the code it's clear that it does, so checking for -1 is safe for all supported
OpenSSL versions (supported by us that is).

Attached is a v2 on top of HEAD with commit message etc, which I propose to
backpatch to v15 where it was introduced.

--
Daniel Gustafsson

Commits

  1. Avoid potential pfree on NULL on OpenSSL errors