From 80bb0ebcc11fb9cb5904d490640408b3d7003a17 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 22 Jun 2026 12:59:16 -0400
Subject: [PATCH] pgcrypto: avoid recursive ResourceOwnerForget().

Raising an error within a function using an OSSLCipher object led
to a complaint from ResourceOwnerForget and then a double-free crash,
because ResOwnerReleaseOSSLCipher forgot to unhook the OSSLCipher
object from its owner.  (The sibling logic for OSSLDigest objects got
this right, as did every other ReleaseResource function AFAICS.)

Oversight in cd694f60d.

Bug: #19527
Reported-by: Yuelin Wang <3020001251@tju.edu.cn>
Author: Yuelin Wang <3020001251@tju.edu.cn>
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/19527-6e7686960c6dce78@postgresql.org
Backpatch-through: 17
---
 contrib/pgcrypto/openssl.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/contrib/pgcrypto/openssl.c b/contrib/pgcrypto/openssl.c
index d3c12e7fda3..c4ab2d6c714 100644
--- a/contrib/pgcrypto/openssl.c
+++ b/contrib/pgcrypto/openssl.c
@@ -832,7 +832,10 @@ px_find_cipher(const char *name, PX_Cipher **res)
 static void
 ResOwnerReleaseOSSLCipher(Datum res)
 {
-	free_openssl_cipher((OSSLCipher *) DatumGetPointer(res));
+	OSSLCipher *cipher = (OSSLCipher *) DatumGetPointer(res);
+
+	cipher->owner = NULL;
+	free_openssl_cipher(cipher);
 }
 
 /*
-- 
2.47.3