Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit d94c36a

Browse files
alvherrealvherre
committed
Add more sanity checks in contrib/sslinfo
We were missing a few return checks on OpenSSL calls. Should be pretty harmless, since we haven't seen any user reports about problems, and this is not a high-traffic module anyway; still, a bug is a bug, so backpatch this all the way back to 9.0. Author: Michael Paquier, while reviewing another sslinfo patch
1 parent f828654 commit d94c36a

File tree

1 file changed

+22
-3
lines changed

1 file changed

+22
-3
lines changed

contrib/sslinfo/sslinfo.c

+22-3
Original file line numberDiff line numberDiff line change
@@ -138,6 +138,10 @@ ASN1_STRING_to_text(ASN1_STRING *str)
138138
text *result;
139139

140140
membuf = BIO_new(BIO_s_mem());
141+
if (membuf == NULL)
142+
ereport(ERROR,
143+
(errcode(ERRCODE_OUT_OF_MEMORY),
144+
errmsg("failed to create OpenSSL BIO structure")));
141145
(void) BIO_set_close(membuf, BIO_CLOSE);
142146
ASN1_STRING_print_ex(membuf, str,
143147
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -150,7 +154,8 @@ ASN1_STRING_to_text(ASN1_STRING *str)
150154
result = cstring_to_text(dp);
151155
if (dp != sp)
152156
pfree(dp);
153-
BIO_free(membuf);
157+
if (BIO_free(membuf) != 1)
158+
elog(ERROR, "failed to free OpenSSL BIO structure");
154159

155160
PG_RETURN_TEXT_P(result);
156161
}
@@ -289,15 +294,28 @@ X509_NAME_to_text(X509_NAME *name)
289294
char *dp;
290295
text *result;
291296

297+
if (membuf == NULL)
298+
ereport(ERROR,
299+
(errcode(ERRCODE_OUT_OF_MEMORY),
300+
errmsg("failed to create BIO")));
301+
292302
(void) BIO_set_close(membuf, BIO_CLOSE);
293303
for (i = 0; i < count; i++)
294304
{
295305
e = X509_NAME_get_entry(name, i);
296306
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
307+
if (nid == NID_undef)
308+
ereport(ERROR,
309+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
310+
errmsg("failed to get NID for ASN1_OBJECT object")));
297311
v = X509_NAME_ENTRY_get_data(e);
298312
field_name = OBJ_nid2sn(nid);
299-
if (!field_name)
313+
if (field_name == NULL)
300314
field_name = OBJ_nid2ln(nid);
315+
if (field_name == NULL)
316+
ereport(ERROR,
317+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
318+
errmsg("failed to convert NID %d to an ASN1_OBJECT structure", nid)));
301319
BIO_printf(membuf, "/%s=", field_name);
302320
ASN1_STRING_print_ex(membuf, v,
303321
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -312,7 +330,8 @@ X509_NAME_to_text(X509_NAME *name)
312330
result = cstring_to_text(dp);
313331
if (dp != sp)
314332
pfree(dp);
315-
BIO_free(membuf);
333+
if (BIO_free(membuf) != 1)
334+
elog(ERROR, "failed to free OpenSSL BIO structure");
316335

317336
PG_RETURN_TEXT_P(result);
318337
}

0 commit comments

Comments
 (0)