Avoid potential pfree on NULL on OpenSSL errors

Guard against the pointer being NULL before pfreeing upon an error
returned from OpenSSL.  Also handle errors from X509_NAME_print_ex
which can return -1 on memory allocation errors.

Backpatch down to v15 where the code was added.

Author: Sergey Shinderuk <s.shinderuk@postgrespro.ru>
Discussion: https://postgr.es/m/8db5374d-32e0-6abb-d402-40762511eff2@postgrespro.ru
Backpatch-through: v15
This commit is contained in:
Daniel Gustafsson 2023-09-22 11:18:25 +02:00
parent e59fcbd712
commit 5f3aa309a8
1 changed files with 17 additions and 8 deletions

View File

@ -620,8 +620,11 @@ aloop:
bio = BIO_new(BIO_s_mem());
if (!bio)
{
pfree(port->peer_cn);
port->peer_cn = NULL;
if (port->peer_cn != NULL)
{
pfree(port->peer_cn);
port->peer_cn = NULL;
}
return -1;
}
@ -632,12 +635,15 @@ aloop:
* which make regular expression matching a bit easier. Also note that
* it prints the Subject fields in reverse order.
*/
X509_NAME_print_ex(bio, x509name, 0, XN_FLAG_RFC2253);
if (BIO_get_mem_ptr(bio, &bio_buf) <= 0)
if (X509_NAME_print_ex(bio, x509name, 0, XN_FLAG_RFC2253) == -1 ||
BIO_get_mem_ptr(bio, &bio_buf) <= 0)
{
BIO_free(bio);
pfree(port->peer_cn);
port->peer_cn = NULL;
if (port->peer_cn != NULL)
{
pfree(port->peer_cn);
port->peer_cn = NULL;
}
return -1;
}
peer_dn = MemoryContextAlloc(TopMemoryContext, bio_buf->length + 1);
@ -651,8 +657,11 @@ aloop:
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL certificate's distinguished name contains embedded null")));
pfree(peer_dn);
pfree(port->peer_cn);
port->peer_cn = NULL;
if (port->peer_cn != NULL)
{
pfree(port->peer_cn);
port->peer_cn = NULL;
}
return -1;
}