Обсуждение: Possible memory leak in pgcrypto with EVP_MD_CTX

Hi all,

It happens that pgcrypto has the following leak if a digest cannot be
initialized:
--- a/contrib/pgcrypto/openssl.c
+++ b/contrib/pgcrypto/openssl.c
@@ -202,6 +202,7 @@ px_find_digest(const char *name, PX_MD **res)
    }
    if (EVP_DigestInit_ex(ctx, md, NULL) == 0)
    {
+       EVP_MD_CTX_destroy(ctx);
        pfree(digest);
        return -1;
    }

That's a bit annoying, because this memory is allocated directly by
OpenSSL, and Postgres does not know how to free it until it gets
registered in the list of open_digests that would be used by the
cleanup callback, so I think that we had better back-patch this fix.

Thoughts?
--
Michael

On Thu, Oct 15, 2020 at 04:22:12PM +0900, Michael Paquier wrote:
> That's a bit annoying, because this memory is allocated directly by
> OpenSSL, and Postgres does not know how to free it until it gets
> registered in the list of open_digests that would be used by the
> cleanup callback, so I think that we had better back-patch this fix.

Hearing nothing, I have fixed the issue and back-patched it.

While looking at it, I have noticed that e2838c58 has never actually
worked with OpenSSL 0.9.6 because we lack an equivalent for
EVP_MD_CTX_destroy() and EVP_MD_CTX_create().  This issue would be
easy enough to fix as the size of EVP_MD_CTX is known in those
versions of OpenSSL, but as we have heard zero complaints on this
matter I have left that out in the 9.5 and 9.6 branches.  Back in
2016, even 0.9.8 was barely used, so I can't even imagine somebody
using 0.9.6 with the most recent PG releases.
--
Michael