Fix memory leak in libpq when using sslmode=verify-full

Checking if Subject Alternative Names (SANs) from a certificate match with the hostname connected to leaked memory after each lookup done. This is broken since acd08d7 that added support for SANs in SSL certificates, so backpatch down to 9.5. Author: Roman Peshkurov Reviewed-by: Hamid Akhtar, Michael Paquier, David Steele Discussion: https://postgr.es/m/CALLDf-pZ-E3mjxd5=bnHsDu9zHEOnpgPgdnO84E2RuwMCjjyPw@mail.gmail.com Backpatch-through: 9.5
author: Michael Paquier <michael@paquier.xyz> 2020-04-22 07:28:00 +0900
committer: Michael Paquier <michael@paquier.xyz> 2020-04-22 07:28:00 +0900
commit: c9c15790d5a6ef667729ab4e40c1e73f368f95c4 (patch)
tree: 7de5f71ea44bb524e05f192a43b580d1d92b2cca
parent: 5c1c27eef94a3d22f2fa4feab922c4af72a3a669 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 0f98ef6590e..20ebc6b6909 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -620,7 +620,7 @@ verify_peer_name_matches_certificate(PGconn *conn)
 			if (found_match || got_error)
 				break;
 		}
-		sk_GENERAL_NAME_free(peer_san);
+		sk_GENERAL_NAME_pop_free(peer_san, GENERAL_NAME_free);
 	}
 
 	/*
author	Michael Paquier <michael@paquier.xyz>	2020-04-22 07:28:00 +0900
committer	Michael Paquier <michael@paquier.xyz>	2020-04-22 07:28:00 +0900
commit	c9c15790d5a6ef667729ab4e40c1e73f368f95c4 (patch)
tree	7de5f71ea44bb524e05f192a43b580d1d92b2cca
parent	5c1c27eef94a3d22f2fa4feab922c4af72a3a669 (diff)