Add more sanity checks in contrib/sslinfo

We were missing a few return checks on OpenSSL calls.  Should be pretty
harmless, since we haven't seen any user reports about problems, and
this is not a high-traffic module anyway; still, a bug is a bug, so
backpatch this all the way back to 9.0.

Author: Michael Paquier, while reviewing another sslinfo patch

diff --git a/contrib/sslinfo/sslinfo.c b/contrib/sslinfo/sslinfo.c
index db491a4bc806b1278220ce513b18931f74bc92c7..686d9a66d6598ea4f2db5b169a9ec8b1fd2513ec 100644 (file)
--- a/contrib/sslinfo/sslinfo.c
+++ b/contrib/sslinfo/sslinfo.c
@@ -140,6 +140,10 @@ ASN1_STRING_to_text(ASN1_STRING *str)
    text       *result;
 
    membuf = BIO_new(BIO_s_mem());
+   if (membuf == NULL)
+       ereport(ERROR,
+               (errcode(ERRCODE_OUT_OF_MEMORY),
+                errmsg("failed to create OpenSSL BIO structure")));
    (void) BIO_set_close(membuf, BIO_CLOSE);
    ASN1_STRING_print_ex(membuf, str,
                         ((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -152,7 +156,8 @@ ASN1_STRING_to_text(ASN1_STRING *str)
    result = cstring_to_text(dp);
    if (dp != sp)
        pfree(dp);
-   BIO_free(membuf);
+   if (BIO_free(membuf) != 1)
+       elog(ERROR, "failed to free OpenSSL BIO structure");
 
    PG_RETURN_TEXT_P(result);
 }
@@ -291,15 +296,28 @@ X509_NAME_to_text(X509_NAME *name)
    char       *dp;
    text       *result;
 
+   if (membuf == NULL)
+       ereport(ERROR,
+               (errcode(ERRCODE_OUT_OF_MEMORY),
+                errmsg("failed to create BIO")));
+
    (void) BIO_set_close(membuf, BIO_CLOSE);
    for (i = 0; i < count; i++)
    {
        e = X509_NAME_get_entry(name, i);
        nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
+       if (nid == NID_undef)
+           ereport(ERROR,
+                   (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+                    errmsg("failed to get NID for ASN1_OBJECT object")));
        v = X509_NAME_ENTRY_get_data(e);
        field_name = OBJ_nid2sn(nid);
-       if (!field_name)
+       if (field_name == NULL)
            field_name = OBJ_nid2ln(nid);
+       if (field_name == NULL)
+           ereport(ERROR,
+                   (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+                    errmsg("failed to convert NID %d to an ASN1_OBJECT structure", nid)));
        BIO_printf(membuf, "/%s=", field_name);
        ASN1_STRING_print_ex(membuf, v,
                             ((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -314,7 +332,8 @@ X509_NAME_to_text(X509_NAME *name)
    result = cstring_to_text(dp);
    if (dp != sp)
        pfree(dp);
-   BIO_free(membuf);
+   if (BIO_free(membuf) != 1)
+       elog(ERROR, "failed to free OpenSSL BIO structure");
 
    PG_RETURN_TEXT_P(result);
 }