From e5e295d5008be7aabe47f803d808aae260ec9ba6 Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Wed, 22 Apr 2020 07:28:04 +0900 Subject: [PATCH] Fix memory leak in libpq when using sslmode=verify-full Checking if Subject Alternative Names (SANs) from a certificate match with the hostname connected to leaked memory after each lookup done. This is broken since acd08d7 that added support for SANs in SSL certificates, so backpatch down to 9.5. Author: Roman Peshkurov Reviewed-by: Hamid Akhtar, Michael Paquier, David Steele Discussion: https://postgr.es/m/CALLDf-pZ-E3mjxd5=bnHsDu9zHEOnpgPgdnO84E2RuwMCjjyPw@mail.gmail.com Backpatch-through: 9.5 --- src/interfaces/libpq/fe-secure-openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index 84eb024d6b9..795e6a6919a 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -619,7 +619,7 @@ verify_peer_name_matches_certificate(PGconn *conn) if (found_match || got_error) break; } - sk_GENERAL_NAME_free(peer_san); + sk_GENERAL_NAME_pop_free(peer_san, GENERAL_NAME_free); } /* -- 2.39.5