Fix memory leak in libpq when using sslmode=verify-full

Checking if Subject Alternative Names (SANs) from a certificate match with the hostname connected to leaked memory after each lookup done. This is broken since acd08d7 that added support for SANs in SSL certificates, so backpatch down to 9.5. Author: Roman Peshkurov Reviewed-by: Hamid Akhtar, Michael Paquier, David Steele Discussion: https://postgr.es/m/CALLDf-pZ-E3mjxd5=bnHsDu9zHEOnpgPgdnO84E2RuwMCjjyPw@mail.gmail.com Backpatch-through: 9.5
author: Michael Paquier <michael@paquier.xyz> 2020-04-22 07:27:53 +0900
committer: Michael Paquier <michael@paquier.xyz> 2020-04-22 07:27:53 +0900
commit: 1bb0293d844538ee39b14a7965a9ea7e10dcae93 (patch)
tree: ba4fee4b6ee2968aa49b6dd239612e426f9bef32 /src/interfaces/libpq/fe-secure-openssl.c
parent: e6c17c85ac9e5c6ff2c4feeca913216baeb5afb6 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index e8b917909f6..9be6b0d89c6 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -627,7 +627,7 @@ verify_peer_name_matches_certificate(PGconn *conn)
 			if (found_match || got_error)
 				break;
 		}
-		sk_GENERAL_NAME_free(peer_san);
+		sk_GENERAL_NAME_pop_free(peer_san, GENERAL_NAME_free);
 	}
 
 	/*
author	Michael Paquier <michael@paquier.xyz>	2020-04-22 07:27:53 +0900
committer	Michael Paquier <michael@paquier.xyz>	2020-04-22 07:27:53 +0900
commit	1bb0293d844538ee39b14a7965a9ea7e10dcae93 (patch)
tree	ba4fee4b6ee2968aa49b6dd239612e426f9bef32 /src/interfaces/libpq/fe-secure-openssl.c
parent	e6c17c85ac9e5c6ff2c4feeca913216baeb5afb6 (diff)