Hi,

A static analyzer reported a possible pfree(NULL) in be_tls_open_server(). Here is a fix. Also handle an error from X509_NAME_print_ex().

AFAICS, the error "SSL certificate's distinguished name contains embedded null" could not be reached at all, because XN_FLAG_RFC2253 passed to X509_NAME_print_ex() ensures that null bytes are escaped.

Best regards,

--
Sergey Shinderuk                https://postgrespro.com/
diff --git a/src/backend/libpq/be-secure-openssl.c 
b/src/backend/libpq/be-secure-openssl.c
index 658b09988d6..31b6a6eacdf 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -620,8 +620,11 @@ aloop:
                bio = BIO_new(BIO_s_mem());
                if (!bio)
                {
-                       pfree(port->peer_cn);
-                       port->peer_cn = NULL;
+                       if (port->peer_cn != NULL)
+                       {
+                               pfree(port->peer_cn);
+                               port->peer_cn = NULL;
+                       }
                        return -1;
                }
 
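Review bot: The guarded free of `port->peer_cn` added in this `!bio` branch is repeated verbatim in the hunks at -632 and -651, so three error exits now carry the same five-line stanza and a future exit could easily omit the NULL check again. A small static helper would keep the check in one place, reducing each branch to `free_peer_cn(port); return -1;` (the helper name is a suggestion only). The enclosing function starts and ends outside the hunk, so whether an existing cleanup path could be reused is not visible here.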
@@ -632,12 +635,15 @@ aloop:
                 * which make regular expression matching a bit easier. Also 
note that
                 * it prints the Subject fields in reverse order.
                 */
-               X509_NAME_print_ex(bio, x509name, 0, XN_FLAG_RFC2253);
-               if (BIO_get_mem_ptr(bio, &bio_buf) <= 0)
+               if (X509_NAME_print_ex(bio, x509name, 0, XN_FLAG_RFC2253) == -1 
||
+                       BIO_get_mem_ptr(bio, &bio_buf) <= 0)
                {
                        BIO_free(bio);
-                       pfree(port->peer_cn);
-                       port->peer_cn = NULL;
+                       if (port->peer_cn != NULL)
+                       {
+                               pfree(port->peer_cn);
+                               port->peer_cn = NULL;
+                       }
                        return -1;
                }
                peer_dn = MemoryContextAlloc(TopMemoryContext, bio_buf->length 
+ 1);
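Review bot: The new `X509_NAME_print_ex(...) == -1` failure path returns -1 with no ereport, and because it is merged with the `BIO_get_mem_ptr()` test, a rejected handshake gives no indication of which call failed. Unless the caller logs this (not visible in the hunk), an operator investigating failed client-certificate connections has nothing to go on. Something like `ereport(COMMERROR, (errcode(ERRCODE_INTERNAL_ERROR), errmsg("could not format SSL certificate's distinguished name")));` before the cleanup would help. A short comment would also explain the comparison, for example `/* without XN_FLAG_COMPAT, X509_NAME_print_ex() returns -1 on error */`, since with that flag the function reports errors as 0.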
@@ -651,8 +657,11 @@ aloop:
                                        (errcode(ERRCODE_PROTOCOL_VIOLATION),
                                         errmsg("SSL certificate's 
distinguished name contains embedded null")));
                        pfree(peer_dn);
-                       pfree(port->peer_cn);
-                       port->peer_cn = NULL;
+                       if (port->peer_cn != NULL)
+                       {
+                               pfree(port->peer_cn);
+                               port->peer_cn = NULL;
+                       }
                        return -1;
                }
 
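Review bot: The embedded-null branch kept here has no comment explaining why it remains, even though the patch description argues it cannot be reached while `XN_FLAG_RFC2253` escapes NUL bytes. Without one, a later cleanup may delete it as dead code, or a change of print flags may silently make it reachable again. The check stops a truncated distinguished name from being matched during certificate authentication, so it is worth keeping as defence in depth. I would add `/* Defensive: XN_FLAG_RFC2253 escapes NUL bytes, so this should not trigger; keep it in case the flags change. */` above the test. The condition and the start of the ereport call lie above the hunk, so the exact placement needs checking against the full function.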
