Re: BUG #16070: A double-free bug in interfaces/libpq/fe-secure-openssl.c

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: BUG #16070: A double-free bug in interfaces/libpq/fe-secure-openssl.c
Дата
Msg-id 13213.1571581031@sss.pgh.pa.us
обсуждение исходный текст
Ответ на BUG #16070: A double-free bug in interfaces/libpq/fe-secure-openssl.c  (PG Bug reporting form <noreply@postgresql.org>)
Ответы Re: BUG #16070: A double-free bug ininterfaces/libpq/fe-secure-openssl.c  (Michael Paquier <michael@paquier.xyz>)
Список pgsql-bugs
Дерево обсуждения 
PG Bug reporting form <noreply@postgresql.org> writes:
> In
> https://github.com/postgres/postgres/blob/REL_10_STABLE/src/interfaces/libpq/fe-secure-openssl.c,
> at Line 1206, it would call the function "ENGINE_finish" and free
> conn->engine. At Line 1207, it would call the function "ENGINE_free" and
> free conn->engine again. This would lead to a double free bug.

I don't really believe this; if there were a double-free problem here,
we'd surely have noticed it long since.

Taking a look at the OpenSSL source code, it looks like engine_free_util
decrements a reference count and doesn't actually delete anything until
that's gone to zero.  So maybe the refcount is 2 at the beginning of
this sequence?

            regards, tom lane

В списке pgsql-bugs по дате отправления:

Предыдущее
От: PG Bug reporting form
Дата:
Сообщение: BUG #16070: A double-free bug in interfaces/libpq/fe-secure-openssl.c
Следующее
От: Tom Lane
Дата:
Сообщение: Re: Re: BUG #16068: Collate of 'Norwegian Bokmål' is problematic