Fix memory leak when initializing DH parameters in backend

tglsfdc · tglsfdc · commit 992cba94d38e · 2021-03-20T12:38:22.000-04:00
When loading DH parameters used for the generation of ephemeral DH keys in the backend, the code has never bothered releasing the memory used for the DH information loaded from a file or from libpq's default. This commit makes sure that the information is properly free()'d. Back-patch of e0e569e. We originally thought the leak was minor and not worth back-patching, but Jelte Fennema pointed out that repeated SIGHUP's can result in very serious bloat of the postmaster, which is then multiplied by being duplicated into eadh forked child. Back-patch to v10; the code looked different before c0a15e0, and didn't have a leak in the actually-live code paths. Michael Paquier Discussion: https://postgr.es/m/16160-18367e56e9a28264@postgresql.org
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
@@ -1029,8 +1029,11 @@ initialize_dh(SSL_CTX *context, bool isServerStart)
 				(errcode(ERRCODE_CONFIG_FILE_ERROR),
 				 (errmsg("DH: could not set DH parameters: %s",
 						 SSLerrmessage(ERR_get_error())))));
+		DH_free(dh);
 		return false;
 	}
+
+	DH_free(dh);
 	return true;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1029,8 +1029,11 @@ initialize_dh(SSL_CTX *context, bool isServerStart)`
`1029`	`1029`	`(errcode(ERRCODE_CONFIG_FILE_ERROR),`
`1030`	`1030`	`(errmsg("DH: could not set DH parameters: %s",`
`1031`	`1031`	`SSLerrmessage(ERR_get_error())))));`
	`1032`	`+ DH_free(dh);`
`1032`	`1033`	`return false;`
`1033`	`1034`	`}`
	`1035`	`+`
	`1036`	`+ DH_free(dh);`
`1034`	`1037`	`return true;`
`1035`	`1038`	`}`
`1036`	`1039`