| From: | Sergey Shinderuk <s(dot)shinderuk(at)postgrespro(dot)ru> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Fix error handling in be_tls_open_server() |
| Date: | 2023-08-24 08:11:49 |
| Message-ID: | 1e4638b3-1456-6c03-45c2-8848c06fc993@postgrespro.ru |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 23.08.2023 16:23, Daniel Gustafsson wrote:
>> On 1 Aug 2023, at 16:44, Sergey Shinderuk <s(dot)shinderuk(at)postgrespro(dot)ru> wrote:
>
>> A static analyzer reported a possible pfree(NULL) in be_tls_open_server().
>
> This has the smell of a theoretical problem, I can't really imagine a
> certificate where which would produce this. Have you been able to trigger it?
I triggered a crash by generating a certificate without a CN and forcing
malloc to return NULL when called from X509_NAME_print_ex or
BIO_get_mem_ptr with gdb.
Initially I tried to trigger a crash by generating a certificate without
a CN and with a DN contaning the null byte. But as I said, the error
condition "SSL certificate's distinguished name contains embedded null"
isn't really reachable, because XN_FLAG_RFC2253 escapes null bytes.
--
Sergey Shinderuk https://postgrespro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kyotaro Horiguchi | 2023-08-24 08:15:00 | Re: Should the archiver process always make sure that the timeline history files exist in the archive? |
| Previous Message | Alvaro Herrera | 2023-08-24 07:50:44 | Re: subscription/015_stream sometimes breaks |