Defend against possibility that SSL error reporting mechanism returns

tglsfdc · tglsfdc · commit 15c21bf8e122 · 2001-11-11T02:09:05.000Z
a NULL pointer.  Per report from Stephen Pillinger 8-Nov-01.
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
@@ -37,7 +37,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.259 2001/11/10 23:06:12 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.260 2001/11/11 02:09:05 tgl Exp $
  *
  * NOTES
  *
@@ -271,6 +271,7 @@ __attribute__((format(printf, 1, 2)));
 
 #ifdef USE_SSL
 static void InitSSL(void);
+static const char *SSLerrmessage(void);
 #endif
 
 
@@ -1108,8 +1109,8 @@ ProcessStartupPacket(Port *port, bool SSLdone)
 				!SSL_set_fd(port->ssl, port->sock) ||
 				SSL_accept(port->ssl) <= 0)
 			{
-				elog(DEBUG, "failed to initialize SSL connection: %s (%s)",
-					 ERR_reason_error_string(ERR_get_error()), strerror(errno));
+				elog(DEBUG, "failed to initialize SSL connection: %s (%m)",
+					 SSLerrmessage());
 				return STATUS_ERROR;
 			}
 		}
@@ -2379,6 +2380,7 @@ CountChildren(void)
 }
 
 #ifdef USE_SSL
+
 /*
  * Initialize SSL library and structures
  */
@@ -2393,31 +2395,56 @@ InitSSL(void)
 	if (!SSL_context)
 	{
 		postmaster_error("failed to create SSL context: %s",
-						 ERR_reason_error_string(ERR_get_error()));
+						 SSLerrmessage());
 		ExitPostmaster(1);
 	}
 	snprintf(fnbuf, sizeof(fnbuf), "%s/server.crt", DataDir);
 	if (!SSL_CTX_use_certificate_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
 	{
 		postmaster_error("failed to load server certificate (%s): %s",
-						 fnbuf, ERR_reason_error_string(ERR_get_error()));
+						 fnbuf, SSLerrmessage());
 		ExitPostmaster(1);
 	}
 	snprintf(fnbuf, sizeof(fnbuf), "%s/server.key", DataDir);
 	if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
 	{
 		postmaster_error("failed to load private key file (%s): %s",
-						 fnbuf, ERR_reason_error_string(ERR_get_error()));
+						 fnbuf, SSLerrmessage());
 		ExitPostmaster(1);
 	}
 	if (!SSL_CTX_check_private_key(SSL_context))
 	{
 		postmaster_error("check of private key failed: %s",
-						 ERR_reason_error_string(ERR_get_error()));
+						 SSLerrmessage());
 		ExitPostmaster(1);
 	}
 }
-#endif
+
+/*
+ * Obtain reason string for last SSL error
+ *
+ * Some caution is needed here since ERR_reason_error_string will
+ * return NULL if it doesn't recognize the error code.  We don't
+ * want to return NULL ever.
+ */
+static const char *
+SSLerrmessage(void)
+{
+	unsigned long	errcode;
+	const char	   *errreason;
+	static char		errbuf[32];
+
+	errcode = ERR_get_error();
+	if (errcode == 0)
+		return "No SSL error reported";
+	errreason = ERR_reason_error_string(errcode);
+	if (errreason != NULL)
+		return errreason;
+	snprintf(errbuf, sizeof(errbuf), "SSL error code %lu", errcode);
+	return errbuf;
+}
+
+#endif /* USE_SSL */
 
 /*
  * Fire off a subprocess for startup/shutdown/checkpoint.
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.180 2001/11/05 17:46:37 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.181 2001/11/11 02:09:05 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -186,6 +186,9 @@ static char *conninfo_getval(PQconninfoOption *connOptions,
 static void defaultNoticeProcessor(void *arg, const char *message);
 static int parseServiceInfo(PQconninfoOption *options,
 				 PQExpBuffer errorMessage);
+#ifdef USE_SSL
+static const char *SSLerrmessage(void);
+#endif
 
 
 /*
@@ -961,7 +964,7 @@ connectDBStart(PGconn *conn)
 				{
 					printfPQExpBuffer(&conn->errorMessage,
 					 libpq_gettext("could not create SSL context: %s\n"),
-							   ERR_reason_error_string(ERR_get_error()));
+									  SSLerrmessage());
 					goto connect_errReturn;
 				}
 			}
@@ -971,7 +974,7 @@ connectDBStart(PGconn *conn)
 			{
 				printfPQExpBuffer(&conn->errorMessage,
 				libpq_gettext("could not establish SSL connection: %s\n"),
-							   ERR_reason_error_string(ERR_get_error()));
+								  SSLerrmessage());
 				goto connect_errReturn;
 			}
 			/* SSL connection finished. Continue to send startup packet */
@@ -981,7 +984,12 @@ connectDBStart(PGconn *conn)
 			/* Received error - probably protocol mismatch */
 			if (conn->Pfdebug)
 				fprintf(conn->Pfdebug, "Postmaster reports error, attempting fallback to pre-7.0.\n");
+#ifdef WIN32
+			closesocket(conn->sock);
+#else
 			close(conn->sock);
+#endif
+			conn->sock = -1;
 			conn->allow_ssl_try = FALSE;
 			return connectDBStart(conn);
 		}
@@ -2610,6 +2618,36 @@ PQconninfoFree(PQconninfoOption *connOptions)
 	free(connOptions);
 }
 
+
+#ifdef USE_SSL
+
+/*
+ * Obtain reason string for last SSL error
+ *
+ * Some caution is needed here since ERR_reason_error_string will
+ * return NULL if it doesn't recognize the error code.  We don't
+ * want to return NULL ever.
+ */
+static const char *
+SSLerrmessage(void)
+{
+	unsigned long	errcode;
+	const char	   *errreason;
+	static char		errbuf[32];
+
+	errcode = ERR_get_error();
+	if (errcode == 0)
+		return "No SSL error reported";
+	errreason = ERR_reason_error_string(errcode);
+	if (errreason != NULL)
+		return errreason;
+	snprintf(errbuf, sizeof(errbuf), "SSL error code %lu", errcode);
+	return errbuf;
+}
+
+#endif /* USE_SSL */
+
+
 /* =========== accessor functions for PGconn ========= */
 char *
 PQdb(const PGconn *conn)

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@`
`37`	`37`	`*`
`38`	`38`	`*`
`39`	`39`	`* IDENTIFICATION`
`40`		`- * $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.259 2001/11/10 23:06:12 tgl Exp $`
	`40`	`+ * $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.260 2001/11/11 02:09:05 tgl Exp $`
`41`	`41`	`*`
`42`	`42`	`* NOTES`
`43`	`43`	`*`
`@@ -271,6 +271,7 @@ __attribute__((format(printf, 1, 2)));`
`271`	`271`
`272`	`272`	`#ifdef USE_SSL`
`273`	`273`	`static void InitSSL(void);`
	`274`	`+static const char *SSLerrmessage(void);`
`274`	`275`	`#endif`
`275`	`276`
`276`	`277`
`@@ -1108,8 +1109,8 @@ ProcessStartupPacket(Port *port, bool SSLdone)`
`1108`	`1109`	`!SSL_set_fd(port->ssl, port->sock) \|\|`
`1109`	`1110`	`SSL_accept(port->ssl) <= 0)`
`1110`	`1111`	`{`
`1111`		`- elog(DEBUG, "failed to initialize SSL connection: %s (%s)",`
`1112`		`- ERR_reason_error_string(ERR_get_error()), strerror(errno));`
	`1112`	`+ elog(DEBUG, "failed to initialize SSL connection: %s (%m)",`
	`1113`	`+ SSLerrmessage());`
`1113`	`1114`	`return STATUS_ERROR;`
`1114`	`1115`	`}`
`1115`	`1116`	`}`
`@@ -2379,6 +2380,7 @@ CountChildren(void)`
`2379`	`2380`	`}`
`2380`	`2381`
`2381`	`2382`	`#ifdef USE_SSL`
	`2383`	`+`
`2382`	`2384`	`/*`
`2383`	`2385`	`* Initialize SSL library and structures`
`2384`	`2386`	`*/`
`@@ -2393,31 +2395,56 @@ InitSSL(void)`
`2393`	`2395`	`if (!SSL_context)`
`2394`	`2396`	`{`
`2395`	`2397`	`postmaster_error("failed to create SSL context: %s",`
`2396`		`- ERR_reason_error_string(ERR_get_error()));`
	`2398`	`+ SSLerrmessage());`
`2397`	`2399`	`ExitPostmaster(1);`
`2398`	`2400`	`}`
`2399`	`2401`	`snprintf(fnbuf, sizeof(fnbuf), "%s/server.crt", DataDir);`
`2400`	`2402`	`if (!SSL_CTX_use_certificate_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))`
`2401`	`2403`	`{`
`2402`	`2404`	`postmaster_error("failed to load server certificate (%s): %s",`
`2403`		`- fnbuf, ERR_reason_error_string(ERR_get_error()));`
	`2405`	`+ fnbuf, SSLerrmessage());`
`2404`	`2406`	`ExitPostmaster(1);`
`2405`	`2407`	`}`
`2406`	`2408`	`snprintf(fnbuf, sizeof(fnbuf), "%s/server.key", DataDir);`
`2407`	`2409`	`if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))`
`2408`	`2410`	`{`
`2409`	`2411`	`postmaster_error("failed to load private key file (%s): %s",`
`2410`		`- fnbuf, ERR_reason_error_string(ERR_get_error()));`
	`2412`	`+ fnbuf, SSLerrmessage());`
`2411`	`2413`	`ExitPostmaster(1);`
`2412`	`2414`	`}`
`2413`	`2415`	`if (!SSL_CTX_check_private_key(SSL_context))`
`2414`	`2416`	`{`
`2415`	`2417`	`postmaster_error("check of private key failed: %s",`
`2416`		`- ERR_reason_error_string(ERR_get_error()));`
	`2418`	`+ SSLerrmessage());`
`2417`	`2419`	`ExitPostmaster(1);`
`2418`	`2420`	`}`
`2419`	`2421`	`}`
`2420`		`-#endif`
	`2422`	`+`
	`2423`	`+/*`
	`2424`	`+ * Obtain reason string for last SSL error`
	`2425`	`+ *`
	`2426`	`+ * Some caution is needed here since ERR_reason_error_string will`
	`2427`	`+ * return NULL if it doesn't recognize the error code. We don't`
	`2428`	`+ * want to return NULL ever.`
	`2429`	`+ */`
	`2430`	`+static const char *`
	`2431`	`+SSLerrmessage(void)`
	`2432`	`+{`
	`2433`	`+ unsigned long errcode;`
	`2434`	`+ const char *errreason;`
	`2435`	`+ static char errbuf[32];`
	`2436`	`+`
	`2437`	`+ errcode = ERR_get_error();`
	`2438`	`+ if (errcode == 0)`
	`2439`	`+ return "No SSL error reported";`
	`2440`	`+ errreason = ERR_reason_error_string(errcode);`
	`2441`	`+ if (errreason != NULL)`
	`2442`	`+ return errreason;`
	`2443`	`+ snprintf(errbuf, sizeof(errbuf), "SSL error code %lu", errcode);`
	`2444`	`+ return errbuf;`
	`2445`	`+}`
	`2446`	`+`
	`2447`	`+#endif /* USE_SSL */`
`2421`	`2448`
`2422`	`2449`	`/*`
`2423`	`2450`	`* Fire off a subprocess for startup/shutdown/checkpoint.`