Skip to content

Commit d141e74

Browse files
tglsfdctglsfdc
committed
Fix old bug in contrib/sslinfo: X509_NAME_to_text freed the BIO_s_mem buffer
it was using too soon. In a situation where pg_do_encoding_conversion is a no-op, this led to garbage data returned. In HEAD, also modify the code that's ensuring null termination to make it a tad more obvious what's happening.
1 parent c5451c2 commit d141e74

File tree

1 file changed

+12
-18
lines changed

1 file changed

+12
-18
lines changed

contrib/sslinfo/sslinfo.c

Lines changed: 12 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
* Written by Victor B. Wagner <vitus@cryptocom.ru>, Cryptocom LTD
55
* This file is distributed under BSD-style license.
66
*
7-
* $PostgreSQL: pgsql/contrib/sslinfo/sslinfo.c,v 1.7 2008/03/25 22:42:42 tgl Exp $
7+
* $PostgreSQL: pgsql/contrib/sslinfo/sslinfo.c,v 1.8 2008/11/10 14:57:38 tgl Exp $
88
*/
99

1010
#include "postgres.h"
@@ -113,9 +113,9 @@ ssl_client_serial(PG_FUNCTION_ARGS)
113113
Datum
114114
ASN1_STRING_to_text(ASN1_STRING *str)
115115
{
116-
BIO *membuf = NULL;
117-
size_t size,
118-
outlen;
116+
BIO *membuf;
117+
size_t size;
118+
char nullterm;
119119
char *sp;
120120
char *dp;
121121
text *result;
@@ -125,16 +125,15 @@ ASN1_STRING_to_text(ASN1_STRING *str)
125125
ASN1_STRING_print_ex(membuf, str,
126126
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
127127
| ASN1_STRFLGS_UTF8_CONVERT));
128-
129-
outlen = 0;
130-
BIO_write(membuf, &outlen, 1);
128+
/* ensure null termination of the BIO's content */
129+
nullterm = '\0';
130+
BIO_write(membuf, &nullterm, 1);
131131
size = BIO_get_mem_data(membuf, &sp);
132132
dp = (char *) pg_do_encoding_conversion((unsigned char *) sp,
133133
size - 1,
134134
PG_UTF8,
135135
GetDatabaseEncoding());
136136
result = cstring_to_text(dp);
137-
138137
if (dp != sp)
139138
pfree(dp);
140139
BIO_free(membuf);
@@ -271,6 +270,7 @@ X509_NAME_to_text(X509_NAME *name)
271270
ASN1_STRING *v;
272271
const char *field_name;
273272
size_t size;
273+
char nullterm;
274274
char *sp;
275275
char *dp;
276276
text *result;
@@ -290,24 +290,18 @@ X509_NAME_to_text(X509_NAME *name)
290290
| ASN1_STRFLGS_UTF8_CONVERT));
291291
}
292292

293-
i = 0;
294-
BIO_write(membuf, &i, 1);
293+
/* ensure null termination of the BIO's content */
294+
nullterm = '\0';
295+
BIO_write(membuf, &nullterm, 1);
295296
size = BIO_get_mem_data(membuf, &sp);
296-
297297
dp = (char *) pg_do_encoding_conversion((unsigned char *) sp,
298298
size - 1,
299299
PG_UTF8,
300300
GetDatabaseEncoding());
301-
BIO_free(membuf);
302-
303301
result = cstring_to_text(dp);
304-
305-
/*
306-
* pg_do_encoding_conversion has annoying habit of returning source
307-
* pointer
308-
*/
309302
if (dp != sp)
310303
pfree(dp);
304+
BIO_free(membuf);
311305

312306
PG_RETURN_TEXT_P(result);
313307
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy