Skip to content

Commit d94c36a

Browse files
alvherrealvherre
committed
Add more sanity checks in contrib/sslinfo
We were missing a few return checks on OpenSSL calls. Should be pretty harmless, since we haven't seen any user reports about problems, and this is not a high-traffic module anyway; still, a bug is a bug, so backpatch this all the way back to 9.0. Author: Michael Paquier, while reviewing another sslinfo patch
1 parent f828654 commit d94c36a

File tree

1 file changed

+22
-3
lines changed

1 file changed

+22
-3
lines changed

contrib/sslinfo/sslinfo.c

Lines changed: 22 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -138,6 +138,10 @@ ASN1_STRING_to_text(ASN1_STRING *str)
138138
text *result;
139139

140140
membuf = BIO_new(BIO_s_mem());
141+
if (membuf == NULL)
142+
ereport(ERROR,
143+
(errcode(ERRCODE_OUT_OF_MEMORY),
144+
errmsg("failed to create OpenSSL BIO structure")));
141145
(void) BIO_set_close(membuf, BIO_CLOSE);
142146
ASN1_STRING_print_ex(membuf, str,
143147
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -150,7 +154,8 @@ ASN1_STRING_to_text(ASN1_STRING *str)
150154
result = cstring_to_text(dp);
151155
if (dp != sp)
152156
pfree(dp);
153-
BIO_free(membuf);
157+
if (BIO_free(membuf) != 1)
158+
elog(ERROR, "failed to free OpenSSL BIO structure");
154159

155160
PG_RETURN_TEXT_P(result);
156161
}
@@ -289,15 +294,28 @@ X509_NAME_to_text(X509_NAME *name)
289294
char *dp;
290295
text *result;
291296

297+
if (membuf == NULL)
298+
ereport(ERROR,
299+
(errcode(ERRCODE_OUT_OF_MEMORY),
300+
errmsg("failed to create BIO")));
301+
292302
(void) BIO_set_close(membuf, BIO_CLOSE);
293303
for (i = 0; i < count; i++)
294304
{
295305
e = X509_NAME_get_entry(name, i);
296306
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
307+
if (nid == NID_undef)
308+
ereport(ERROR,
309+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
310+
errmsg("failed to get NID for ASN1_OBJECT object")));
297311
v = X509_NAME_ENTRY_get_data(e);
298312
field_name = OBJ_nid2sn(nid);
299-
if (!field_name)
313+
if (field_name == NULL)
300314
field_name = OBJ_nid2ln(nid);
315+
if (field_name == NULL)
316+
ereport(ERROR,
317+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
318+
errmsg("failed to convert NID %d to an ASN1_OBJECT structure", nid)));
301319
BIO_printf(membuf, "/%s=", field_name);
302320
ASN1_STRING_print_ex(membuf, v,
303321
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -312,7 +330,8 @@ X509_NAME_to_text(X509_NAME *name)
312330
result = cstring_to_text(dp);
313331
if (dp != sp)
314332
pfree(dp);
315-
BIO_free(membuf);
333+
if (BIO_free(membuf) != 1)
334+
elog(ERROR, "failed to free OpenSSL BIO structure");
316335

317336
PG_RETURN_TEXT_P(result);
318337
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy