From e37e9a65517552e79614a1c81c8aff216d033e59 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 15 Aug 2022 15:40:07 -0400
Subject: [PATCH] Add missing bad-PGconn guards in libpq entry points.

There's a convention that externally-visible libpq functions should
check for a NULL PGconn pointer, and fail gracefully instead of
crashing.  PQflush() and PQisnonblocking() didn't get that memo
though.  Also add a similar check to PQdefaultSSLKeyPassHook_OpenSSL;
while it's not clear that ordinary usage could reach that with a
null conn pointer, it's cheap enough to check, so let's be consistent.

Daniele Varrazzo and Tom Lane

Discussion: https://postgr.es/m/CA+mi_8Zm_mVVyW1iNFgyMd9Oh0Nv8-F+7Y3-BqwMgTMHuo_h2Q@mail.gmail.com
---
 src/interfaces/libpq/fe-exec.c           | 4 ++++
 src/interfaces/libpq/fe-secure-openssl.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/interfaces/libpq/fe-exec.c b/src/interfaces/libpq/fe-exec.c
index 9c465b1f967..feb5085ce57 100644
--- a/src/interfaces/libpq/fe-exec.c
+++ b/src/interfaces/libpq/fe-exec.c
@@ -3267,6 +3267,8 @@ PQsetnonblocking(PGconn *conn, int arg)
 int
 PQisnonblocking(const PGconn *conn)
 {
+	if (!conn || conn->status == CONNECTION_BAD)
+		return false;
 	return pqIsnonblocking(conn);
 }
 
@@ -3286,6 +3288,8 @@ PQisthreadsafe(void)
 int
 PQflush(PGconn *conn)
 {
+	if (!conn || conn->status == CONNECTION_BAD)
+		return -1;
 	return pqFlush(conn);
 }
 
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 196737563df..26615a1aa42 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -1747,7 +1747,7 @@ err:
 int
 PQdefaultSSLKeyPassHook_OpenSSL(char *buf, int size, PGconn *conn)
 {
-	if (conn->sslpassword)
+	if (conn && conn->sslpassword)
 	{
 		if (strlen(conn->sslpassword) + 1 > size)
 			fprintf(stderr, libpq_gettext("WARNING: sslpassword truncated\n"));