
Commit 8582cf1

committed
Add more sanity checks in contrib/sslinfo
We were missing a few return checks on OpenSSL calls. Should be pretty harmless, since we haven't seen any user reports about problems, and this is not a high-traffic module anyway; still, a bug is a bug, so backpatch this all the way back to 9.0. Author: Michael Paquier, while reviewing another sslinfo patch
1 parent 0198a8d commit 8582cf1


1 file changed

+22
-3
lines changed


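--- a/contrib/sslinfo/sslinfo.c
+++ b/contrib/sslinfo/sslinfo.c
@@ -140,6 +140,10 @@ ASN1_STRING_to_text(ASN1_STRING *str)
 text *result;
 
 membuf = BIO_new(BIO_s_mem());
+if (membuf == NULL)
+ereport(ERROR,
+(errcode(ERRCODE_OUT_OF_MEMORY),
+errmsg("failed to create OpenSSL BIO structure")));
 (void) BIO_set_close(membuf, BIO_CLOSE);
 ASN1_STRING_print_ex(membuf, str,
 ((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -152,7 +156,8 @@ ASN1_STRING_to_text(ASN1_STRING *str)
 result = cstring_to_text(dp);
 if (dp != sp)
 pfree(dp);
-BIO_free(membuf);
+if (BIO_free(membuf) != 1)
+elog(ERROR, "failed to free OpenSSL BIO structure");
 
 PG_RETURN_TEXT_P(result);
 }
@@ -291,15 +296,28 @@ X509_NAME_to_text(X509_NAME *name)
 char *dp;
 text *result;
 
+if (membuf == NULL)
+ereport(ERROR,
+(errcode(ERRCODE_OUT_OF_MEMORY),
+errmsg("failed to create BIO")));
+
 (void) BIO_set_close(membuf, BIO_CLOSE);
 for (i = 0; i < count; i++)
 {
 e = X509_NAME_get_entry(name, i);
 nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
+if (nid == NID_undef)
+ereport(ERROR,
+(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+errmsg("failed to get NID for ASN1_OBJECT object")));
 v = X509_NAME_ENTRY_get_data(e);
 field_name = OBJ_nid2sn(nid);
-if (!field_name)
+if (field_name == NULL)
 field_name = OBJ_nid2ln(nid);
+if (field_name == NULL)
+ereport(ERROR,
+(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+errmsg("failed to convert NID %d to an ASN1_OBJECT structure", nid)));
 BIO_printf(membuf, "/%s=", field_name);
 ASN1_STRING_print_ex(membuf, v,
 ((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -314,7 +332,8 @@ X509_NAME_to_text(X509_NAME *name)
 result = cstring_to_text(dp);
 if (dp != sp)
 pfree(dp);
-BIO_free(membuf);
+if (BIO_free(membuf) != 1)
+elog(ERROR, "failed to free OpenSSL BIO structure");
 
 PG_RETURN_TEXT_P(result);
 }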
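Review bot: The two `ereport(ERROR, ...)` calls added inside the loop of X509_NAME_to_text (the `nid == NID_undef` check and the second `field_name == NULL` check) run after `membuf` has been created, and since ereport(ERROR) does not return, the BIO is never released on those paths; it is allocated by OpenSSL, so PostgreSQL's memory-context cleanup presumably will not reclaim it. The name being converted appears to come from a peer-supplied certificate, so these paths are reachable from input the server does not control and the leak can repeat within a session. I would free the buffer before raising, e.g. `{ BIO_free(membuf); ereport(ERROR, ...); }` in both branches. Separately, the results of `BIO_printf` and `ASN1_STRING_print_ex` are still ignored in both functions, and the new message `failed to create BIO` does not match `failed to create OpenSSL BIO structure` used in ASN1_STRING_to_text. Both function bodies begin and continue outside the visible hunks, including the `BIO_new` call in X509_NAME_to_text.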
