mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add more sanity checks in contrib/sslinfo

Browse Source 
We were missing a few return checks on OpenSSL calls.  Should be pretty
harmless, since we haven't seen any user reports about problems, and
this is not a high-traffic module anyway; still, a bug is a bug, so
backpatch this all the way back to 9.0.

Author: Michael Paquier, while reviewing another sslinfo patch
This commit is contained in:
Alvaro Herrera 2015-09-07 19:18:29 -03:00
parent f828654e10
commit d94c36a45a
1 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
contrib/sslinfo/sslinfo.c
View File

@ -138,6 +138,10 @@ ASN1_STRING_to_text(ASN1_STRING *str)
text *result; text *result;
membuf = BIO_new(BIO_s_mem()); membuf = BIO_new(BIO_s_mem());
if (membuf == NULL)
ereport(ERROR,
(errcode(ERRCODE_OUT_OF_MEMORY),
errmsg("failed to create OpenSSL BIO structure")));
(void) BIO_set_close(membuf, BIO_CLOSE); (void) BIO_set_close(membuf, BIO_CLOSE);
ASN1_STRING_print_ex(membuf, str, ASN1_STRING_print_ex(membuf, str,
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB) ((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@ -150,7 +154,8 @@ ASN1_STRING_to_text(ASN1_STRING *str)
result = cstring_to_text(dp); result = cstring_to_text(dp);
if (dp != sp) if (dp != sp)
pfree(dp); pfree(dp);
BIO_free(membuf); if (BIO_free(membuf) != 1)
elog(ERROR, "failed to free OpenSSL BIO structure");
PG_RETURN_TEXT_P(result); PG_RETURN_TEXT_P(result);
} }
@ -289,15 +294,28 @@ X509_NAME_to_text(X509_NAME *name)
char *dp; char *dp;
text *result; text *result;
if (membuf == NULL)
ereport(ERROR,
(errcode(ERRCODE_OUT_OF_MEMORY),
errmsg("failed to create BIO")));
(void) BIO_set_close(membuf, BIO_CLOSE); (void) BIO_set_close(membuf, BIO_CLOSE);
for (i = 0; i < count; i++) for (i = 0; i < count; i++)
{ {
e = X509_NAME_get_entry(name, i); e = X509_NAME_get_entry(name, i);
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e)); nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
if (nid == NID_undef)
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("failed to get NID for ASN1_OBJECT object")));
v = X509_NAME_ENTRY_get_data(e); v = X509_NAME_ENTRY_get_data(e);
field_name = OBJ_nid2sn(nid); field_name = OBJ_nid2sn(nid);
if (!field_name) if (field_name == NULL)
field_name = OBJ_nid2ln(nid); field_name = OBJ_nid2ln(nid);
if (field_name == NULL)
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("failed to convert NID %d to an ASN1_OBJECT structure", nid)));
BIO_printf(membuf, "/%s=", field_name); BIO_printf(membuf, "/%s=", field_name);
ASN1_STRING_print_ex(membuf, v, ASN1_STRING_print_ex(membuf, v,
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB) ((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@ -312,7 +330,8 @@ X509_NAME_to_text(X509_NAME *name)
result = cstring_to_text(dp); result = cstring_to_text(dp);
if (dp != sp) if (dp != sp)
pfree(dp); pfree(dp);
BIO_free(membuf); if (BIO_free(membuf) != 1)
elog(ERROR, "failed to free OpenSSL BIO structure");
PG_RETURN_TEXT_P(result); PG_RETURN_TEXT_P(result);
} }