8000 Add more sanity checks in contrib/sslinfo · percona/postgres@7febdf3 · GitHub
[go: up one dir, main page]
Skip to content
8000

Commit 7febdf3

Browse files
alvherrealvherre
committed
Add more sanity checks in contrib/sslinfo
We were missing a few return checks on OpenSSL calls. Should be pretty harmless, since we haven't seen any user reports about problems, and this is not a high-traffic module anyway; still, a bug is a bug, so backpatch this all the way back to 9.0. Author: Michael Paquier, while reviewing another sslinfo patch
1 parent 92d956f commit 7febdf3

File tree

1 file changed

+22
-3
lines changed

1 file changed

+22
-3
lines changed

contrib/sslinfo/sslinfo.c

Lines changed: 22 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -121,6 +121,10 @@ ASN1_STRING_to_text(ASN1_STRING *str)
121121
text *result;
122122

123123
membuf = BIO_new(BIO_s_mem());
124+
if (membuf == NULL)
125+
ereport(ERROR,
126+
(errcode(ERRCODE_OUT_OF_MEMORY),
127+
errmsg("failed to create OpenSSL BIO structure")));
124128
(void) BIO_set_close(membuf, BIO_CLOSE);
125129
ASN1_STRING_print_ex(membuf, str,
126130
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -136,7 +140,8 @@ ASN1_STRING_to_text(ASN1_STRING *str)
136140
result = cstring_to_text(dp);
137141
if (dp != sp)
138142
pfree(dp);
139-
BIO_free(membuf);
143+
if (BIO_free(membuf) != 1)
144+
elog(ERROR, "failed to free OpenSSL BIO structure");
140145

141146
PG_RETURN_TEXT_P(result);
142147
}
@@ -275,15 +280,28 @@ X509_NAME_to_text(X509_NAME *name)
275280
char *dp;
276281
text *result;
277282

283+
if (membuf == NULL)
284+
ereport(ERROR,
285+
(errcode(ERRCODE_OUT_OF_MEMORY),
286+
errmsg("failed to create BIO")));
287+
278288
(void) BIO_set_close(membuf, BIO_CLOSE);
279289
for (i = 0; i < count; i++)
280290
{
281291
e = X509_NAME_get_entry(name, i);
282292
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
293+
if (nid == NID_undef)
294+
ereport(ERROR,
295+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
296+
errmsg("failed to get NID for ASN1_OBJECT object")));
283297
v = X509_NAME_ENTRY_get_data(e);
284298
field_name = OBJ_nid2sn(nid);
285-
if (!field_name)
299+
if (field_name == NULL)
286300
field_name = OBJ_nid2ln(nid);
301+
if (field_name == NULL)
302+
ereport(ERROR,
303+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
304+
errmsg("failed to convert NID %d to an ASN1_OBJECT structure", nid)));
287305
BIO_printf(membuf, "/%s=", field_name);
288306
ASN1_STRING_print_ex(membuf, v,
289307
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -301,7 +319,8 @@ X509_NAME_to_text(X509_NAME *name)
301319
result = cstring_to_text(dp);
302320
if (dp != sp)
303321
pfree(dp);
304-
BIO_free(membuf);
322+
if (BIO_free(membuf) != 1)
323+
elog(ERROR, "failed to free OpenSSL BIO structure");
305324

306325
PG_RETURN_TEXT_P(result);
307326
}

0 commit comments

Comments
 (0)
0