Skip to content

Commit 28120a0

Browse files
alvherrealvherre
committed
Add more sanity checks in contrib/sslinfo
We were missing a few return checks on OpenSSL calls. Should be pretty harmless, since we haven't seen any user reports about problems, and this is not a high-traffic module anyway; still, a bug is a bug, so backpatch this all the way back to 9.0. Author: Michael Paquier, while reviewing another sslinfo patch
1 parent fde40e5 commit 28120a0

File tree

1 file changed

+22
-3
lines changed

1 file changed

+22
-3
lines changed

contrib/sslinfo/sslinfo.c

Lines changed: 22 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -149,6 +149,10 @@ ASN1_STRING_to_text(ASN1_STRING *str)
149149
text *result;
150150

151151
membuf = BIO_new(BIO_s_mem());
152+
if (membuf == NULL)
153+
ereport(ERROR,
154+
(errcode(ERRCODE_OUT_OF_MEMORY),
155+
errmsg("failed to create OpenSSL BIO structure")));
152156
(void) BIO_set_close(membuf, BIO_CLOSE);
153157
ASN1_STRING_print_ex(membuf, str,
154158
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -164,7 +168,8 @@ ASN1_STRING_to_text(ASN1_STRING *str)
164168
result = cstring_to_text(dp);
165169
if (dp != sp)
166170
pfree(dp);
167-
BIO_free(membuf);
171+
if (BIO_free(membuf) != 1)
172+
elog(ERROR, "failed to free OpenSSL BIO structure");
168173

169174
PG_RETURN_TEXT_P(result);
170175
}
@@ -303,15 +308,28 @@ X509_NAME_to_text(X509_NAME *name)
303308
char *dp;
304309
text *result;
305310

311+
if (membuf == NULL)
312+
ereport(ERROR,
313+
(errcode(ERRCODE_OUT_OF_MEMORY),
314+
errmsg("failed to create BIO")));
315+
306316
(void) BIO_set_close(membuf, BIO_CLOSE);
307317
for (i = 0; i < count; i++)
308318
{
309319
e = X509_NAME_get_entry(name, i);
310320
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
321+
if (nid == NID_undef)
322+
ereport(ERROR,
323+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
324+
errmsg("failed to get NID for ASN1_OBJECT object")));
311325
v = X509_NAME_ENTRY_get_data(e);
312326
field_name = OBJ_nid2sn(nid);
313-
if (!field_name)
327+
if (field_name == NULL)
314328
field_name = OBJ_nid2ln(nid);
329+
if (field_name == NULL)
330+
ereport(ERROR,
331+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
332+
errmsg("failed to convert NID %d to an ASN1_OBJECT structure", nid)));
315333
BIO_printf(membuf, "/%s=", field_name);
316334
ASN1_STRING_print_ex(membuf, v,
317335
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
@@ -329,7 +347,8 @@ X509_NAME_to_text(X509_NAME *name)
329347
result = cstring_to_text(dp);
330348
if (dp != sp)
331349
pfree(dp);
332-
BIO_free(membuf);
350+
if (BIO_free(membuf) != 1)
351+
elog(ERROR, "failed to free OpenSSL BIO structure");
333352

334353
PG_RETURN_TEXT_P(result);
335354
}

0 commit comments

Comments
 (0)