open-dsi
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix memory leak when rejecting bogus DH parameters.

Browse Source 
While back-patching e0e569e1d, I noted that there were some other
places where we ought to be applying DH_free(); namely, where we
load some DH parameters from a file and then reject them as not
being sufficiently secure.  While it seems really unlikely that
anybody would hit these code paths in production, let alone do
so repeatedly, let's fix it for consistency.

Back-patch to v10 where this code was introduced.

Discussion: https://postgr.es/m/16160-18367e56e9a28264@postgresql.org
pull/64/head
Tom Lane 5 years ago
parent f0c2a5bba6
commit e835e89a0f
1 changed files with 3 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      src/backend/libpq/be-secure-openssl.c

3
src/backend/libpq/be-secure-openssl.c
Unescape View File

@ -922,6 +922,7 @@ load_dh_file(char *filename, bool isServerStart)
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("invalid DH parameters: %s",
SSLerrmessage(ERR_get_error()))));
DH_free(dh);
return NULL;
}
if (codes & DH_CHECK_P_NOT_PRIME)
@ -929,6 +930,7 @@ load_dh_file(char *filename, bool isServerStart)
ereport(isServerStart ? FATAL : LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("invalid DH parameters: p is not prime")));
DH_free(dh);
return NULL;
}
if ((codes & DH_NOT_SUITABLE_GENERATOR) &&
@ -937,6 +939,7 @@ load_dh_file(char *filename, bool isServerStart)
ereport(isServerStart ? FATAL : LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("invalid DH parameters: neither suitable generator or safe prime")));
DH_free(dh);
return NULL;
}

Write Preview
Loading…
Cancel
Save