Re: pgcrypto: fix memory leak in openssl.c

From: "Marko Kreen" <markokr(at)gmail(dot)com>
To: PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Cc: "Daniel Blaisdell" <lunk(dot)djedi(at)gmail(dot)com>, "Michael Fuhr" <mike(at)fuhr(dot)org>
Subject: Re: pgcrypto: fix memory leak in openssl.c
Date: 2006-02-20 13:06:34
Message-ID: e51f66da0602200506o2537e171n807d1077d55514ac@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-patches

On 2/18/06, Marko Kreen <markokr(at)gmail(dot)com> wrote:
> pgcrypto crypt()/md5 and hmac() leak memory when compiled against
> OpenSSL as openssl.c digest ->reset will do two DigestInit calls
> against a context. This happened to work with OpenSSL 0.9.6
> but not with 0.9.7+.

Ugh, seems I read the old code slightly wrong. The leak happens
also with regular digest(), although it will leak only 1 context
instance, not the 1000+ as the crypt-md5 does. And on 8.1 there
is pgp_sym_encrypt that also does lots of resets on one context,
like crypt-md5. In addition it does regular digest() in several
places. So if compiled against OpenSSL, its leaking everywhere.

The positive side is that only 8.1 has openssl autoconfiguration,
older versions default to builtin algorithms that can be changed
only by editing Makefile, thus most packages are hopefully safe.

--
marko

In response to

Responses

Browse pgsql-patches by date

  From Date Subject
Next Message Tom Lane 2006-02-20 15:05:47 Re: pgcrypto: fix memory leak in openssl.c
Previous Message Martijn van Oosterhout 2006-02-20 11:57:24 [PATCH] WIP: Create shell-types explicitly