rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix memory leak in libpq when using sslmode=verify-full 

Checking if Subject Alternative Names (SANs) from a certificate match
with the hostname connected to leaked memory after each lookup done.

This is broken since acd08d7 that added support for SANs in SSL
certificates, so backpatch down to 9.5.

Author: Roman Peshkurov
Reviewed-by: Hamid Akhtar, Michael Paquier, David Steele
Discussion: https://postgr.es/m/CALLDf-pZ-E3mjxd5=bnHsDu9zHEOnpgPgdnO84E2RuwMCjjyPw@mail.gmail.com
Backpatch-through: 9.5
This commit is contained in:
Michael Paquier 2020-04-22 07:27:03 +09:00
parent 8803506c41
commit 27dbe1a184
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/interfaces/libpq/fe-secure-openssl.c
View File

@ -552,7 +552,7 @@ pgtls_verify_peer_name_matches_certificate_guts(PGconn *conn,
if (rc != 0)
break;
}
sk_GENERAL_NAME_free(peer_san);
sk_GENERAL_NAME_pop_free(peer_san, GENERAL_NAME_free);
}
/*