Fix potential memory leak in pgcrypto

michaelpq · michaelpq · commit ca2a12c935f7 · 2020-10-19T09:36:56.000+09:00
When allocating a EVP context, it would have been possible to leak some memory allocated directly by OpenSSL, that PostgreSQL lost track of if the initialization of the context allocated failed. The cleanup can be done with EVP_MD_CTX_destroy(). Note that EVP APIs exist since OpenSSL 0.9.7 and we have in the tree equivalent implementations for older versions since ce9b75d (code removed with 9b7cd59 as of 10~). However, in 9.5 and 9.6, the existing code makes use of EVP_MD_CTX_destroy() and EVP_MD_CTX_create() without an equivalent implementation when building the tree with OpenSSL 0.9.6 or older, meaning that this code is in reality broken with such versions since it got introduced in e2838c5. As we have heard no complains about that, it does not seem worth bothering with in 9.5 and 9.6, so I have left that out for simplicity. Author: Michael Paquier Discussion: https://postgr.es/m/20201015072212.GC2305@paquier.xyz Backpatch-through: 9.5
diff --git a/contrib/pgcrypto/openssl.c b/contrib/pgcrypto/openssl.c
@@ -202,6 +202,7 @@ px_find_digest(const char *name, PX_MD **res)
 	}
 	if (EVP_DigestInit_ex(ctx, md, NULL) == 0)
 	{
+		EVP_MD_CTX_destroy(ctx);
 		pfree(digest);
 		return -1;
 	}

Original file line number	Diff line number	Diff line change
`@@ -202,6 +202,7 @@ px_find_digest(const char name, PX_MD *res)`
`202`	`202`	`}`
`203`	`203`	`if (EVP_DigestInit_ex(ctx, md, NULL) == 0)`
`204`	`204`	`{`
	`205`	`+ EVP_MD_CTX_destroy(ctx);`
`205`	`206`	`pfree(digest);`
`206`	`207`	`return -1;`
`207`	`208`	`}`