Skip to content

Commit 8582cf1

Browse files
alvherrealvherre
committed
Add more sanity checks in contrib/sslinfo
We were missing a few return checks on OpenSSL calls. Should be pretty harmless, since we haven't seen any user reports about problems, and this is not a high-traffic module anyway; still, a bug is a bug, so backpatch this all the way back to 9.0. Author: Michael Paquier, while reviewing another sslinfo patch
1 parent 0198a8d commit 8582cf1

File tree

1 file changed

+22
-3
lines changed

1 file changed

+22
-3
lines changed

contrib/sslinfo/sslinfo.c

+22-3
Original file line numberDiff line numberDiff line change
@@ -140,6 +140,10 @@ ASN1_STRING_to_text(ASN1_STRING *str)
140140
text *result;
141141

142142
membuf = BIO_new(BIO_s_mem());
143+
if (membuf == NULL)
144+
ereport(ERROR,
145+
(errcode(ERRCODE_OUT_OF_MEMORY),
146+
errmsg("failed to create OpenSSL BIO structure")));
143147
(void) BIO_set_close(membuf, BIO_CLOSE);
144148
ASN1_STRING_print_ex(membuf, str,
145149
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -152,7 +156,8 @@ ASN1_STRING_to_text(ASN1_STRING *str)
152156
result = cstring_to_text(dp);
153157
if (dp != sp)
154158
pfree(dp);
155-
BIO_free(membuf);
159+
if (BIO_free(membuf) != 1)
160+
elog(ERROR, "failed to free OpenSSL BIO structure");
156161

157162
PG_RETURN_TEXT_P(result);
158163
}
@@ -291,15 +296,28 @@ X509_NAME_to_text(X509_NAME *name)
291296
char *dp;
292297
text *result;
293298

299+
if (membuf == NULL)
300+
ereport(ERROR,
301+
(errcode(ERRCODE_OUT_OF_MEMORY),
302+
errmsg("failed to create BIO")));
303+
294304
(void) BIO_set_close(membuf, BIO_CLOSE);
295305
for (i = 0; i < count; i++)
296306
{
297307
e = X509_NAME_get_entry(name, i);
298308
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
309+
if (nid == NID_undef)
310+
ereport(ERROR,
311+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
312+
errmsg("failed to get NID for ASN1_OBJECT object")));
299313
v = X509_NAME_ENTRY_get_data(e);
300314
field_name = OBJ_nid2sn(nid);
301-
if (!field_name)
315+
if (field_name == NULL)
302316
field_name = OBJ_nid2ln(nid);
317+
if (field_name == NULL)
318+
ereport(ERROR,
319+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
320+
errmsg("failed to convert NID %d to an ASN1_OBJECT structure", nid)));
303321
BIO_printf(membuf, "/%s=", field_name);
304322
ASN1_STRING_print_ex(membuf, v,
305323
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -314,7 +332,8 @@ X509_NAME_to_text(X509_NAME *name)
314332
result = cstring_to_text(dp);
315333
if (dp != sp)
316334
pfree(dp);
317-
BIO_free(membuf);
335+
if (BIO_free(membuf) != 1)
336+
elog(ERROR, "failed to free OpenSSL BIO structure");
318337

319338
PG_RETURN_TEXT_P(result);
320339
}

0 commit comments

Comments
 (0)