Home > mailing lists

Re: BUG #16070: A double-free bug in interfaces/libpq/fe-secure-openssl.c - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: BUG #16070: A double-free bug in interfaces/libpq/fe-secure-openssl.c
Date	October 21, 2019 06:44:25
Msg-id	15038.1571629465@sss.pgh.pa.us Whole thread Raw
In response to	Re: BUG #16070: A double-free bug ininterfaces/libpq/fe-secure-openssl.c (Michael Paquier <michael@paquier.xyz>)
List	pgsql-bugs

Tree view

Michael Paquier <michael@paquier.xyz> writes:
> The docs of OpenSSL mention the use of both successively, where
> ENGINE_free() does the cleanup after ENGINE_by_id(), and
> ENGINE_finish() cleans up after ENGINE_init():
> https://www.openssl.org/docs/man1.1.0/man3/ENGINE_finish.html

Yeah, that reference page pretty definitely agrees with what
we're doing.

> And an actual issue is that we have no coverage for it:
> https://coverage.postgresql.org/src/interfaces/libpq/fe-secure-openssl.c.gcov.html

Oh, hmm ... I'd supposed that the code in question was exercised
in normal SSL connections, but now I see it's not so.  It looks
like you need a non-default SSL "engine" to be available??  Might
be hard to test this as a routine thing if it requires additional
software.

            regards, tom lane

pgsql-bugs by date:

From: Michael Paquier
Date: 21 October 2019, 06:25:37
Subject: Re: BUG #16070: A double-free bug ininterfaces/libpq/fe-secure-openssl.c

From: Tatsuo Ishii
Date: 21 October 2019, 08:02:17
Subject: Re: BUG #16035: STATEMENT_TIMEOUT not working when we have singlequote usage inside CTE which is used in inner sql

Re: BUG #16070: A double-free bug in interfaces/libpq/fe-secure-openssl.c - Mailing list pgsql-bugs

Previous

Next