git.postgresql.org Git - postgresql.git/commitdiff

git projects / postgresql.git / commitdiff

Fix memory leak in libpq when using sslmode=verify-full

author Michael Paquier <michael@paquier.xyz>

2020年4月21日 22:27:03 +0000 (07:27 +0900)

committer Michael Paquier <michael@paquier.xyz>

2020年4月21日 22:27:03 +0000 (07:27 +0900)

Checking if Subject Alternative Names (SANs) from a certificate match
with the hostname connected to leaked memory after each lookup done.

This is broken since acd08d7 that added support for SANs in SSL
certificates, so backpatch down to 9.5.

Author: Roman Peshkurov
Reviewed-by: Hamid Akhtar, Michael Paquier, David Steele
Discussion: https://postgr.es/m/CALLDf-pZ-E3mjxd5=bnHsDu9zHEOnpgPgdnO84E2RuwMCjjyPw@mail.gmail.com
Backpatch-through: 9.5

src/interfaces/libpq/fe-secure-openssl.c patch | blob | blame | history

diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c

index d3a37e1d273f8429ebc1034e21a123bcefeac081..731aa23c5535b941fae4aaa45f6a990c364be3da 100644 (file)

--- a/src/interfaces/libpq/fe-secure-openssl.c

+++ b/src/interfaces/libpq/fe-secure-openssl.c

@@ -552,7 +552,7 @@ pgtls_verify_peer_name_matches_certificate_guts(PGconn *conn,

if (rc != 0)

break;

}

- sk_GENERAL_NAME_free(peer_san);

+ sk_GENERAL_NAME_pop_free(peer_san, GENERAL_NAME_free);

}

This is the main PostgreSQL git repository.

RSS Atom