From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 22 Jun 2026 16:59:16 +0000 (-0400)
Subject: pgcrypto: avoid recursive ResourceOwnerForget().
X-Git-Url: http://git.ipfire.org/index.cgi?a=commitdiff_plain;h=HEAD;p=thirdparty%2Fpostgresql.git

pgcrypto: avoid recursive ResourceOwnerForget().

Raising an error within a function using an OSSLCipher object led
to a complaint from ResourceOwnerForget and then a double-free crash,
because ResOwnerReleaseOSSLCipher forgot to unhook the OSSLCipher
object from its owner.  (The sibling logic for OSSLDigest objects got
this right, as did every other ReleaseResource function AFAICS.)

Oversight in cd694f60d.

Bug: #19527
Reported-by: Yuelin Wang <3020001251@tju.edu.cn>
Author: Yuelin Wang <3020001251@tju.edu.cn>
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/19527-6e7686960c6dce78@postgresql.org
Backpatch-through: 17
---

diff --git a/contrib/pgcrypto/openssl.c b/contrib/pgcrypto/openssl.c
index d3c12e7fda3..c4ab2d6c714 100644
--- a/contrib/pgcrypto/openssl.c
+++ b/contrib/pgcrypto/openssl.c
@@ -832,7 +832,10 @@ px_find_cipher(const char *name, PX_Cipher **res)
 static void
 ResOwnerReleaseOSSLCipher(Datum res)
 {
-	free_openssl_cipher((OSSLCipher *) DatumGetPointer(res));
+	OSSLCipher *cipher = (OSSLCipher *) DatumGetPointer(res);
+
+	cipher->owner = NULL;
+	free_openssl_cipher(cipher);
 }
 
 /*