diff options
| author | Michael Paquier <michael@paquier.xyz> | 2020-10-19 09:36:56 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2020-10-19 09:36:56 +0900 |
| commit | ca2a12c935f75fb56c3b14527d6f2ff6f549ea85 (patch) | |
| tree | fc2279a77fb6434b565ca29f0883f8a57c43888c /contrib/pgcrypto | |
| parent | a90c950fc7fd8796daa8c7948e7046bceb272894 (diff) | |
| download | postgresql-ca2a12c935f75fb56c3b14527d6f2ff6f549ea85.tar.gz | |
Fix potential memory leak in pgcrypto
When allocating a EVP context, it would have been possible to leak some
memory allocated directly by OpenSSL, that PostgreSQL lost track of if
the initialization of the context allocated failed. The cleanup can be
done with EVP_MD_CTX_destroy().
Note that EVP APIs exist since OpenSSL 0.9.7 and we have in the tree
equivalent implementations for older versions since ce9b75d (code
removed with 9b7cd59a as of 10~). However, in 9.5 and 9.6, the existing
code makes use of EVP_MD_CTX_destroy() and EVP_MD_CTX_create() without
an equivalent implementation when building the tree with OpenSSL 0.9.6
or older, meaning that this code is in reality broken with such versions
since it got introduced in e2838c5. As we have heard no complains about
that, it does not seem worth bothering with in 9.5 and 9.6, so I have
left that out for simplicity.
Author: Michael Paquier
Discussion: https://postgr.es/m/20201015072212.GC2305@paquier.xyz
Backpatch-through: 9.5
Diffstat (limited to 'contrib/pgcrypto')
| -rw-r--r-- | contrib/pgcrypto/openssl.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/contrib/pgcrypto/openssl.c b/contrib/pgcrypto/openssl.c index 90951a8ae7..ed96e4ce53 100644 --- a/contrib/pgcrypto/openssl.c +++ b/contrib/pgcrypto/openssl.c @@ -202,6 +202,7 @@ px_find_digest(const char *name, PX_MD **res) } if (EVP_DigestInit_ex(ctx, md, NULL) == 0) { + EVP_MD_CTX_destroy(ctx); pfree(digest); return -1; } |