From fe090f0778453f3256d15a19bf42c5781fa2d6fd Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Fri, 23 Jun 2006 14:42:52 +0000 Subject: Back-patch 7.4-era fix for memory leak with SSL connections due to missing X509_free() calls. Per a request from a Red Hat customer; seems silly for Red Hat to be shipping a patch that's not in upstream. --- src/backend/libpq/be-secure.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'src/backend/libpq/be-secure.c') diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c index 97f887af00b..57103fe356d 100644 --- a/src/backend/libpq/be-secure.c +++ b/src/backend/libpq/be-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.15.2.14 2006/05/12 22:45:06 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.15.2.15 2006/06/23 14:42:52 tgl Exp $ * * Since the server static private key ($DataDir/server.key) * will normally be stored unencrypted so that the database @@ -775,6 +775,9 @@ destroy_SSL(void) static int open_server_SSL(Port *port) { + Assert(!port->ssl); + Assert(!port->peer); + if (!(port->ssl = SSL_new(SSL_context)) || !my_SSL_set_fd(port->ssl, port->sock) || SSL_accept(port->ssl) <= 0) @@ -821,6 +824,12 @@ close_SSL(Port *port) SSL_free(port->ssl); port->ssl = NULL; } + + if (port->peer) + { + X509_free(port->peer); + port->peer = NULL; + } } /* -- cgit v1.2.3