From e0cd175212991c8fcd82d5fe3685f75de4bbaf0e Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Thu, 18 Dec 2003 22:49:26 +0000 Subject: [PATCH] Fix memory leak with SSL connections due to missing X509_free() calls. Per Neil Conway. --- src/backend/libpq/be-secure.c | 11 ++++++++++- src/interfaces/libpq/fe-secure.c | 8 +++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c index 0f4ff4d925..639b7a0245 100644 --- a/src/backend/libpq/be-secure.c +++ b/src/backend/libpq/be-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.44 2003/11/29 19:51:49 pgsql Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.45 2003/12/18 22:49:26 tgl Exp $ * * Since the server static private key ($DataDir/server.key) * will normally be stored unencrypted so that the database @@ -714,6 +714,9 @@ destroy_SSL(void) static int open_server_SSL(Port *port) { + Assert(!port->ssl); + Assert(!port->peer); + if (!(port->ssl = SSL_new(SSL_context)) || !SSL_set_fd(port->ssl, port->sock) || SSL_accept(port->ssl) <= 0) @@ -764,6 +767,12 @@ close_SSL(Port *port) SSL_free(port->ssl); port->ssl = NULL; } + + if (port->peer) + { + X509_free(port->peer); + port->peer = NULL; + } } /* diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c index d31e9c3f77..34f94b0ad0 100644 --- a/src/interfaces/libpq/fe-secure.c +++ b/src/interfaces/libpq/fe-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.33 2003/11/29 19:52:12 pgsql Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.34 2003/12/18 22:49:26 tgl Exp $ * * NOTES * The client *requires* a valid server certificate. Since @@ -1004,6 +1004,12 @@ close_SSL(PGconn *conn) SSL_free(conn->ssl); conn->ssl = NULL; } + + if (conn->peer) + { + X509_free(conn->peer); + conn->peer = NULL; + } } /* -- GitLab