Re: [PATCH] Log details for client certificate failures

Peter Eisentraut <peter.eisentraut@enterprisedb.com>

From: Peter Eisentraut <peter.eisentraut@enterprisedb.com>
To: Masahiko Sawada <sawada.mshk@gmail.com>, Jacob Champion <jchampion@timescale.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Andres Freund <andres@anarazel.de>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2022-10-01T10:52:58Z
Lists: pgsql-hackers
On 29.09.22 06:52, Masahiko Sawada wrote:
> While this seems a future-proof idea, I wonder if it might be overkill
> since we don't need to worry about accumulation of leaked memory in
> this case. Given that only check_cluter_name is the case where we
> found a small memory leak, I think it's adequate to fix it.
> 
> Fixing this issue suppresses the valgrind's complaint but since the
> boot value of cluster_name is "" the memory leak we can avoid is only
> 1 byte.

I have committed this.  I think it's better to keep the code locally 
robust and not to have to rely on complex analysis of how GUC memory 
management works.



Commits

  1. Fix tiny memory leaks

  2. Don't reflect unescaped cert data to the logs

  3. pg_clean_ascii(): escape bytes rather than lose them

  4. Log details for client certificate failures