Skip to content

Commit 13cfa02

Browse files
mhagandermhagander
committed
Improve error handling in backend OpenSSL implementation
Commit d94c36a introduced error handling to sslinfo to handle OpenSSL errors gracefully. This ports this errorhandling to the backend TLS implementation. Author: Daniel Gustafsson <daniel@yesql.se>
1 parent 5d1833f commit 13cfa02

File tree

1 file changed

+16
-2
lines changed

1 file changed

+16
-2
lines changed

src/backend/libpq/be-secure-openssl.c

+16-2
Original file line numberDiff line numberDiff line change
@@ -1298,15 +1298,28 @@ X509_NAME_to_cstring(X509_NAME *name)
12981298
char *dp;
12991299
char *result;
13001300

1301+
if (membuf == NULL)
1302+
ereport(ERROR,
1303+
(errcode(ERRCODE_OUT_OF_MEMORY),
1304+
errmsg("failed to create BIO")));
1305+
13011306
(void) BIO_set_close(membuf, BIO_CLOSE);
13021307
for (i = 0; i < count; i++)
13031308
{
13041309
e = X509_NAME_get_entry(name, i);
13051310
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
1311+
if (nid == NID_undef)
1312+
ereport(ERROR,
1313+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1314+
errmsg("could not get NID for ASN1_OBJECT object")));
13061315
v = X509_NAME_ENTRY_get_data(e);
13071316
field_name = OBJ_nid2sn(nid);
1308-
if (!field_name)
1317+
if (field_name == NULL)
13091318
field_name = OBJ_nid2ln(nid);
1319+
if (field_name == NULL)
1320+
ereport(ERROR,
1321+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1322+
errmsg("could not convert NID %d to an ASN1_OBJECT structure", nid)));
13101323
BIO_printf(membuf, "/%s=", field_name);
13111324
ASN1_STRING_print_ex(membuf, v,
13121325
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -1322,7 +1335,8 @@ X509_NAME_to_cstring(X509_NAME *name)
13221335
result = pstrdup(dp);
13231336
if (dp != sp)
13241337
pfree(dp);
1325-
BIO_free(membuf);
1338+
if (BIO_free(membuf) != 1)
1339+
elog(ERROR, "could not free OpenSSL BIO structure");
13261340

13271341
return result;
13281342
}

0 commit comments

Comments
 (0)