NotificationsYou must be signed in to change notification settings
Fork28
Star151

Commit15c21bf

committed

Defend against possibility that SSL error reporting mechanism returns

a NULL pointer. Per report from Stephen Pillinger 8-Nov-01.

1 parentf6ee99a commit15c21bfCopy full SHA for 15c21bf

File tree

2 files changed

+76

-11

lines changed

src
- backend/postmaster
  - postmaster.c
- interfaces/libpq
  - fe-connect.c

2 files changed

+76

-11

lines changed

`‎src/backend/postmaster/postmaster.c`

Lines changed: 35 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@`
`37`	`37`	`*`
`38`	`38`	`*`
`39`	`39`	`* IDENTIFICATION`
`40`		`- * $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.259 2001/11/10 23:06:12 tgl Exp $`
	`40`	`+ * $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.260 2001/11/11 02:09:05 tgl Exp $`
`41`	`41`	`*`
`42`	`42`	`* NOTES`
`43`	`43`	`*`
`@@ -271,6 +271,7 @@ __attribute__((format(printf, 1, 2)));`
`271`	`271`
`272`	`272`	`#ifdefUSE_SSL`
`273`	`273`	`staticvoidInitSSL(void);`
	`274`	`+staticconstchar*SSLerrmessage(void);`
`274`	`275`	`#endif`
`275`	`276`
`276`	`277`
`@@ -1108,8 +1109,8 @@ ProcessStartupPacket(Port *port, bool SSLdone)`
`1108`	`1109`	`!SSL_set_fd(port->ssl,port->sock)\|\|`
`1109`	`1110`	`SSL_accept(port->ssl) <=0)`
`1110`	`1111`	`{`
`1111`		`-elog(DEBUG,"failed to initialize SSL connection: %s (%s)",`
`1112`		`-ERR_reason_error_string(ERR_get_error()),strerror(errno));`
	`1112`	`+elog(DEBUG,"failed to initialize SSL connection: %s (%m)",`
	`1113`	`+SSLerrmessage());`
`1113`	`1114`	`returnSTATUS_ERROR;`
`1114`	`1115`	`}`
`1115`	`1116`	`}`
`@@ -2379,6 +2380,7 @@ CountChildren(void)`
`2379`	`2380`	`}`
`2380`	`2381`
`2381`	`2382`	`#ifdefUSE_SSL`
	`2383`	`+`
`2382`	`2384`	`/*`
`2383`	`2385`	`* Initialize SSL library and structures`
`2384`	`2386`	`*/`
`@@ -2393,31 +2395,56 @@ InitSSL(void)`
`2393`	`2395`	`if (!SSL_context)`
`2394`	`2396`	`{`
`2395`	`2397`	`postmaster_error("failed to create SSL context: %s",`
`2396`		`-ERR_reason_error_string(ERR_get_error()));`
	`2398`	`+SSLerrmessage());`
`2397`	`2399`	`ExitPostmaster(1);`
`2398`	`2400`	`}`
`2399`	`2401`	`snprintf(fnbuf,sizeof(fnbuf),"%s/server.crt",DataDir);`
`2400`	`2402`	`if (!SSL_CTX_use_certificate_file(SSL_context,fnbuf,SSL_FILETYPE_PEM))`
`2401`	`2403`	`{`
`2402`	`2404`	`postmaster_error("failed to load server certificate (%s): %s",`
`2403`		`-fnbuf,ERR_reason_error_string(ERR_get_error()));`
	`2405`	`+fnbuf,SSLerrmessage());`
`2404`	`2406`	`ExitPostmaster(1);`
`2405`	`2407`	`}`
`2406`	`2408`	`snprintf(fnbuf,sizeof(fnbuf),"%s/server.key",DataDir);`
`2407`	`2409`	`if (!SSL_CTX_use_PrivateKey_file(SSL_context,fnbuf,SSL_FILETYPE_PEM))`
`2408`	`2410`	`{`
`2409`	`2411`	`postmaster_error("failed to load private key file (%s): %s",`
`2410`		`-fnbuf,ERR_reason_error_string(ERR_get_error()));`
	`2412`	`+fnbuf,SSLerrmessage());`
`2411`	`2413`	`ExitPostmaster(1);`
`2412`	`2414`	`}`
`2413`	`2415`	`if (!SSL_CTX_check_private_key(SSL_context))`
`2414`	`2416`	`{`
`2415`	`2417`	`postmaster_error("check of private key failed: %s",`
`2416`		`-ERR_reason_error_string(ERR_get_error()));`
	`2418`	`+SSLerrmessage());`
`2417`	`2419`	`ExitPostmaster(1);`
`2418`	`2420`	`}`
`2419`	`2421`	`}`
`2420`		`-#endif`
	`2422`	`+`
	`2423`	`+/*`
	`2424`	`+ * Obtain reason string for last SSL error`
	`2425`	`+ *`
	`2426`	`+ * Some caution is needed here since ERR_reason_error_string will`
	`2427`	`+ * return NULL if it doesn't recognize the error code. We don't`
	`2428`	`+ * want to return NULL ever.`
	`2429`	`+ */`
	`2430`	`+staticconstchar*`
	`2431`	`+SSLerrmessage(void)`
	`2432`	`+{`
	`2433`	`+unsigned longerrcode;`
	`2434`	`+constchar*errreason;`
	`2435`	`+staticcharerrbuf[32];`
	`2436`	`+`
	`2437`	`+errcode=ERR_get_error();`
	`2438`	`+if (errcode==0)`
	`2439`	`+return"No SSL error reported";`
	`2440`	`+errreason=ERR_reason_error_string(errcode);`
	`2441`	`+if (errreason!=NULL)`
	`2442`	`+returnerrreason;`
	`2443`	`+snprintf(errbuf,sizeof(errbuf),"SSL error code %lu",errcode);`
	`2444`	`+returnerrbuf;`
	`2445`	`+}`
	`2446`	`+`
	`2447`	`+#endif/* USE_SSL */`
`2421`	`2448`
`2422`	`2449`	`/*`
`2423`	`2450`	`* Fire off a subprocess for startup/shutdown/checkpoint.`

`‎src/interfaces/libpq/fe-connect.c`

Lines changed: 41 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.180 2001/11/05 17:46:37 momjian Exp $`
	`11`	`+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.181 2001/11/11 02:09:05 tgl Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -186,6 +186,9 @@ static char conninfo_getval(PQconninfoOption connOptions,`
`186`	`186`	`staticvoiddefaultNoticeProcessor(voidarg,constcharmessage);`
`187`	`187`	`staticintparseServiceInfo(PQconninfoOption*options,`
`188`	`188`	`PQExpBuffererrorMessage);`
	`189`	`+#ifdefUSE_SSL`
	`190`	`+staticconstchar*SSLerrmessage(void);`
	`191`	`+#endif`
`189`	`192`
`190`	`193`
`191`	`194`	`/*`
`@@ -961,7 +964,7 @@ connectDBStart(PGconn *conn)`
`961`	`964`	`{`
`962`	`965`	`printfPQExpBuffer(&conn->errorMessage,`
`963`	`966`	`libpq_gettext("could not create SSL context: %s\n"),`
`964`		`-ERR_reason_error_string(ERR_get_error()));`
	`967`	`+SSLerrmessage());`
`965`	`968`	`gotoconnect_errReturn;`
`966`	`969`	`}`
`967`	`970`	`}`
`@@ -971,7 +974,7 @@ connectDBStart(PGconn *conn)`
`971`	`974`	`{`
`972`	`975`	`printfPQExpBuffer(&conn->errorMessage,`
`973`	`976`	`libpq_gettext("could not establish SSL connection: %s\n"),`
`974`		`-ERR_reason_error_string(ERR_get_error()));`
	`977`	`+SSLerrmessage());`
`975`	`978`	`gotoconnect_errReturn;`
`976`	`979`	`}`
`977`	`980`	`/* SSL connection finished. Continue to send startup packet */`
`@@ -981,7 +984,12 @@ connectDBStart(PGconn *conn)`
`981`	`984`	`/* Received error - probably protocol mismatch */`
`982`	`985`	`if (conn->Pfdebug)`
`983`	`986`	`fprintf(conn->Pfdebug,"Postmaster reports error, attempting fallback to pre-7.0.\n");`
	`987`	`+#ifdefWIN32`
	`988`	`+closesocket(conn->sock);`
	`989`	`+#else`
`984`	`990`	`close(conn->sock);`
	`991`	`+#endif`
	`992`	`+conn->sock=-1;`
`985`	`993`	`conn->allow_ssl_try= FALSE;`
`986`	`994`	`returnconnectDBStart(conn);`
`987`	`995`	`}`
`@@ -2610,6 +2618,36 @@ PQconninfoFree(PQconninfoOption *connOptions)`
`2610`	`2618`	`free(connOptions);`
`2611`	`2619`	`}`
`2612`	`2620`
	`2621`	`+`
	`2622`	`+#ifdefUSE_SSL`
	`2623`	`+`
	`2624`	`+/*`
	`2625`	`+ * Obtain reason string for last SSL error`
	`2626`	`+ *`
	`2627`	`+ * Some caution is needed here since ERR_reason_error_string will`
	`2628`	`+ * return NULL if it doesn't recognize the error code. We don't`
	`2629`	`+ * want to return NULL ever.`
	`2630`	`+ */`
	`2631`	`+staticconstchar*`
	`2632`	`+SSLerrmessage(void)`
	`2633`	`+{`
	`2634`	`+unsigned longerrcode;`
	`2635`	`+constchar*errreason;`
	`2636`	`+staticcharerrbuf[32];`
	`2637`	`+`
	`2638`	`+errcode=ERR_get_error();`
	`2639`	`+if (errcode==0)`
	`2640`	`+return"No SSL error reported";`
	`2641`	`+errreason=ERR_reason_error_string(errcode);`
	`2642`	`+if (errreason!=NULL)`
	`2643`	`+returnerrreason;`
	`2644`	`+snprintf(errbuf,sizeof(errbuf),"SSL error code %lu",errcode);`
	`2645`	`+returnerrbuf;`
	`2646`	`+}`
	`2647`	`+`
	`2648`	`+#endif/* USE_SSL */`
	`2649`	`+`
	`2650`	`+`
`2613`	`2651`	`/* =========== accessor functions for PGconn ========= */`
`2614`	`2652`	`char*`
`2615`	`2653`	`PQdb(constPGconn*conn)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit15c21bf

File tree

2 files changed

2 files changed

`‎src/backend/postmaster/postmaster.c`

`‎src/interfaces/libpq/fe-connect.c`

0 commit comments