git.postgresql.org Git - users/gsingh/postgres.git/commit

author	Tom Lane <tgl@sss.pgh.pa.us>
	Tue, 16 Mar 2021 20:02:49 +0000 (16:02 -0400)
committer	Tom Lane <tgl@sss.pgh.pa.us>
	Tue, 16 Mar 2021 20:03:06 +0000 (16:03 -0400)
commit	4b12ab18c9d0735d760bf7667b158707b06e5df8
tree	fbe5fb0c2713c27476d6133bc224df30e8a14fe3	tree
parent	4078ce65a0f7197180a9be2c6460ea4bf909bd98	commit \| diff

Avoid corner-case memory leak in SSL parameter processing.

After reading the root cert list from the ssl_ca_file, immediately
install it as client CA list of the new SSL context. That gives the
SSL context ownership of the list, so that SSL_CTX_free will free it.
This avoids a permanent memory leak if we fail further down in
be_tls_init(), which could happen if bogus CRL data is offered.

The leak could only amount to something if the CRL parameters get
broken after server start (else we'd just quit) and then the server
is SIGHUP'd many times without fixing the CRL data. That's rather
unlikely perhaps, but it seems worth fixing, if only because the
code is clearer this way.

While we're here, add some comments about the memory management
aspects of this logic.

Noted by Jelte Fennema and independently by Andres Freund.
Back-patch to v10; before commit de41869b6 it doesn't matter,
since we'd not re-execute this code during SIGHUP.

Discussion: https://postgr.es/m/16160-18367e56e9a28264@postgresql.org