
Fix assorted error-cleanup bugs in SSL min/max protocol version code.

The error exits added to initialize_SSL() failed to clean up the
partially-built SSL_context, and some of them also leaked the
result of SSLerrmessage().  Make them match other error-handling
cases in that function.

The error exits added to connectOptions2() failed to set conn->status
like every other error exit in that function.

In passing, make the SSL_get_peer_certificate() error exit look more
like all the other calls of SSLerrmessage().

Oversights in commit ff8ca5fad.  Coverity whined about leakage of the
SSLerrmessage() results; I noted the rest in manual code review.
Tom Lane
2020-02-02 13:09:33 -05:00
parent 1fd687a035
commit 6148e2b9a6
2 changed files with 10 additions and 3 deletions


@ -1306,6 +1306,7 @@ connectOptions2(PGconn *conn)
*/
if (!sslVerifyProtocolVersion(conn->sslminprotocolversion))
{
conn->status = CONNECTION_BAD;
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("invalid sslminprotocolversion value: \"%s\"\n"),
conn->sslminprotocolversion);
@ -1313,6 +1314,7 @@ connectOptions2(PGconn *conn)
}
if (!sslVerifyProtocolVersion(conn->sslmaxprotocolversion))
{
conn->status = CONNECTION_BAD;
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("invalid sslmaxprotocolversion value: \"%s\"\n"),
conn->sslmaxprotocolversion);
@ -1329,6 +1331,7 @@ connectOptions2(PGconn *conn)
if (!sslVerifyProtocolRange(conn->sslminprotocolversion,
conn->sslmaxprotocolversion))
{
conn->status = CONNECTION_BAD;
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("invalid SSL protocol version range"));
return false;
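Review bot: The range-check message in the third hunk, `libpq_gettext("invalid SSL protocol version range")`, has no trailing `\n`, while the sslminprotocolversion and sslmaxprotocolversion messages in the two hunks above both end with one. If the text is printed or concatenated as-is, this error would run into whatever follows it, so I would make it `libpq_gettext("invalid SSL protocol version range\n"));`. Unlike the other two messages it also does not echo the offending values, which makes a misconfigured minimum/maximum TLS version pair harder to diagnose from the error alone. connectOptions2() starts and ends outside these hunks, so I could not check how the caller formats the message.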