Avoid potential pfree on NULL on OpenSSL errors
Guard against the pointer being NULL before pfreeing upon an error returned from OpenSSL. Also handle errors from X509_NAME_print_ex which can return -1 on memory allocation errors. Backpatch down to v15 where the code was added. Author: Sergey Shinderuk <s.shinderuk@postgrespro.ru> Discussion: https://postgr.es/m/8db5374d-32e0-6abb-d402-40762511eff2@postgrespro.ru Backpatch-through: v15
parent
e59fcbd712
commit
5f3aa309a8
|
@ -620,8 +620,11 @@ aloop:
|
||||||
bio = BIO_new(BIO_s_mem());
|
bio = BIO_new(BIO_s_mem());
|
||||||
if (!bio)
|
if (!bio)
|
||||||
{
|
{
|
||||||
pfree(port->peer_cn);
|
if (port->peer_cn != NULL)
|
||||||
port->peer_cn = NULL;
|
{
|
||||||
|
pfree(port->peer_cn);
|
||||||
|
port->peer_cn = NULL;
|
||||||
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -632,12 +635,15 @@ aloop:
|
||||||
* which make regular expression matching a bit easier. Also note that
|
* which make regular expression matching a bit easier. Also note that
|
||||||
* it prints the Subject fields in reverse order.
|
* it prints the Subject fields in reverse order.
|
||||||
*/
|
*/
|
||||||
X509_NAME_print_ex(bio, x509name, 0, XN_FLAG_RFC2253);
|
if (X509_NAME_print_ex(bio, x509name, 0, XN_FLAG_RFC2253) == -1 ||
|
||||||
if (BIO_get_mem_ptr(bio, &bio_buf) <= 0)
|
BIO_get_mem_ptr(bio, &bio_buf) <= 0)
|
||||||
{
|
{
|
||||||
BIO_free(bio);
|
BIO_free(bio);
|
||||||
pfree(port->peer_cn);
|
if (port->peer_cn != NULL)
|
||||||
port->peer_cn = NULL;
|
{
|
||||||
|
pfree(port->peer_cn);
|
||||||
|
port->peer_cn = NULL;
|
||||||
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
peer_dn = MemoryContextAlloc(TopMemoryContext, bio_buf->length + 1);
|
peer_dn = MemoryContextAlloc(TopMemoryContext, bio_buf->length + 1);
|
||||||
|
@ -651,8 +657,11 @@ aloop:
|
||||||
(errcode(ERRCODE_PROTOCOL_VIOLATION),
|
(errcode(ERRCODE_PROTOCOL_VIOLATION),
|
||||||
errmsg("SSL certificate's distinguished name contains embedded null")));
|
errmsg("SSL certificate's distinguished name contains embedded null")));
|
||||||
pfree(peer_dn);
|
pfree(peer_dn);
|
||||||
pfree(port->peer_cn);
|
if (port->peer_cn != NULL)
|
||||||
port->peer_cn = NULL;
|
{
|
||||||
|
pfree(port->peer_cn);
|
||||||
|
port->peer_cn = NULL;
|
||||||
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
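Review bot: The two early-return paths in the first and second hunks (`if (!bio)` and the combined `X509_NAME_print_ex(...) == -1 || BIO_get_mem_ptr(...) <= 0` check) still return -1 without logging anything, while the embedded-null path in the third hunk calls `ereport(COMMERROR, ...)` before returning. Unless the caller logs the failure (not visible here), a client-certificate handshake that fails at these points leaves no trace of why, so I would add something like `ereport(COMMERROR, (errcode(ERRCODE_OUT_OF_MEMORY), errmsg("out of memory")));` ahead of each `return -1`. Separately, the same `if (port->peer_cn != NULL) { pfree(...); port->peer_cn = NULL; }` guard now appears three times; a single cleanup label or a small static helper would make a missed path less likely when the next error exit is added. The enclosing function begins and ends outside all three hunks, so this is based only on the lines shown.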