summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 36714f8)
raw | patch | inline | side by side (parent: 36714f8)
| author | Michael Paquier <michael@paquier.xyz> | |
| Tue, 21 Apr 2020 22:28:04 +0000 (07:28 +0900) | ||
| committer | Michael Paquier <michael@paquier.xyz> | |
| Tue, 21 Apr 2020 22:28:04 +0000 (07:28 +0900) |
Checking if Subject Alternative Names (SANs) from a certificate match
with the hostname connected to leaked memory after each lookup done.
This is broken since acd08d7 that added support for SANs in SSL
certificates, so backpatch down to 9.5.
Author: Roman Peshkurov
Reviewed-by: Hamid Akhtar, Michael Paquier, David Steele
Discussion: https://postgr.es/m/CALLDf-pZ-E3mjxd5=bnHsDu9zHEOnpgPgdnO84E2RuwMCjjyPw@mail.gmail.com
Backpatch-through: 9.5
with the hostname connected to leaked memory after each lookup done.
This is broken since acd08d7 that added support for SANs in SSL
certificates, so backpatch down to 9.5.
Author: Roman Peshkurov
Reviewed-by: Hamid Akhtar, Michael Paquier, David Steele
Discussion: https://postgr.es/m/CALLDf-pZ-E3mjxd5=bnHsDu9zHEOnpgPgdnO84E2RuwMCjjyPw@mail.gmail.com
Backpatch-through: 9.5
| src/interfaces/libpq/fe-secure-openssl.c | patch | blob | blame | history |
index 84eb024d6b95e8a51684470805b3930c6f49ae5e..795e6a6919a3ba019874b6b4e039088bec274151 100644 (file)
if (found_match || got_error)
break;
}
- sk_GENERAL_NAME_free(peer_san);
+ sk_GENERAL_NAME_pop_free(peer_san, GENERAL_NAME_free);
}
/*