public inbox for [email protected]
help / color / mirror / Atom feedMemory leak in a SSL module
2+ messages / 1 participants
[nested] [flat]
* Memory leak in a SSL module
@ 2026-04-03 00:18 Tatsuo Ishii <[email protected]>
0 siblings, 1 reply; 2+ messages in thread
From: Tatsuo Ishii @ 2026-04-03 00:18 UTC (permalink / raw)
To: [email protected]
load_dh_file() leaks memory when supplied DH parameters are not valid.
It should have freed the memory returned by PEM_read_DHparams() using
DH_free(). The module was first imported from PostgreSQL (commit
573bd08b99e277026e87bb55ae69c489fab321b8 2018/1/19) on 2019/6/18 by
commit 51bc494aaa7fd191e14038204d18effe2efb0ec8. PostgreSQL found the
memory leak later on and fixed it by commit
e835e89a0fd267871e7fbddc39ad00ee3d0cb55c on 2021/3/20.
While I'm at it, the copyright notice in the same file is fixed. Since
the code was copied from PostgreSQL, we should retain the original
PostgreSQL copyright notice.
Patch attached.
--
Tatsuo Ishii
SRA OSS K.K.
English: http://www.sraoss.co.jp/index_en/
Japanese:http://www.sraoss.co.jp
Attachments:
[text/x-patch] fix_ssl_memory_leak.patch (1.2K, 2-fix_ssl_memory_leak.patch)
download | inline diff:
diff --git a/src/utils/pool_ssl.c b/src/utils/pool_ssl.c
index dda5bd0fb..7a5af7ca4 100644
--- a/src/utils/pool_ssl.c
+++ b/src/utils/pool_ssl.c
@@ -5,7 +5,9 @@
* pgpool: a language independent connection pool server for PostgreSQL
* written by Tatsuo Ishii
*
- * Copyright (c) 2003-2021 PgPool Global Development Group
+ * Portions Copyright (c) 2003-2026, PgPool Global Development Group
+ * Portions Copyright (c) 1996-2026, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
*
* Permission to use, copy, modify, and distribute this software and
* its documentation for any purpose and without fee is hereby
@@ -965,12 +967,14 @@ load_dh_file(char *filename)
ereport(WARNING,
(errmsg("invalid DH parameters: %s",
SSLerrmessage(ERR_get_error()))));
+ DH_free(dh);
return NULL;
}
if (codes & DH_CHECK_P_NOT_PRIME)
{
ereport(WARNING,
(errmsg("invalid DH parameters: p is not prime")));
+ DH_free(dh);
return NULL;
}
if ((codes & DH_NOT_SUITABLE_GENERATOR) &&
@@ -978,6 +982,7 @@ load_dh_file(char *filename)
{
ereport(WARNING,
(errmsg("invalid DH parameters: neither suitable generator or safe prime")));
+ DH_free(dh);
return NULL;
}
^ permalink raw reply [nested|flat] 2+ messages in thread
* Re: Memory leak in a SSL module
@ 2026-04-06 07:20 Tatsuo Ishii <[email protected]>
parent: Tatsuo Ishii <[email protected]>
0 siblings, 0 replies; 2+ messages in thread
From: Tatsuo Ishii @ 2026-04-06 07:20 UTC (permalink / raw)
To: [email protected]
> load_dh_file() leaks memory when supplied DH parameters are not valid.
> It should have freed the memory returned by PEM_read_DHparams() using
> DH_free(). The module was first imported from PostgreSQL (commit
> 573bd08b99e277026e87bb55ae69c489fab321b8 2018/1/19) on 2019/6/18 by
> commit 51bc494aaa7fd191e14038204d18effe2efb0ec8. PostgreSQL found the
> memory leak later on and fixed it by commit
> e835e89a0fd267871e7fbddc39ad00ee3d0cb55c on 2021/3/20.
>
> While I'm at it, the copyright notice in the same file is fixed. Since
> the code was copied from PostgreSQL, we should retain the original
> PostgreSQL copyright notice.
>
> Patch attached.
Patch pushed.
Regards,
--
Tatsuo Ishii
SRA OSS K.K.
English: http://www.sraoss.co.jp/index_en/
Japanese:http://www.sraoss.co.jp
^ permalink raw reply [nested|flat] 2+ messages in thread
end of thread, other threads:[~2026-04-06 07:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2026-04-03 00:18 Memory leak in a SSL module Tatsuo Ishii <[email protected]>
2026-04-06 07:20 ` Tatsuo Ishii <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox