Uninitialized SSL values? (was: Fix for bug in ldapServiceLookup in libpq) - Mailing list pgsql-hackers

From Albe Laurenz
Subject Uninitialized SSL values? (was: Fix for bug in ldapServiceLookup in libpq)
Date
Msg-id D960CB61B694CF459DCFB4B0128514C20668FD45@exadv11.host.magwien.gv.at
In response to Re: Fix for bug in ldapServiceLookup in libpq  ("Albe Laurenz" <laurenz.albe@wien.gv.at>)
Responses Re: Uninitialized SSL values? (was: Fix for bug in ldapServiceLookup in libpq)  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
I wrote:
>>> I have found a small but annoying bug in libpq where
>>> connection parameters are resolved via LDAP.
>
> I have attached a new version of the patch that should address all known
> problems.

FWIW, I ran valgrind on psql establishing an SSL connection, and I found
some messages like this:

==26437== Conditional jump or move depends on uninitialised value(s)
==26437==    at 0x423DDC8: BN_mod_inverse (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x4241EDC: BN_MONT_CTX_set (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x4243E28: ??? (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x424553D: RSA_public_decrypt (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x4245F15: RSA_verify (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x41D1192: ??? (in /lib/libssl.so.0.9.7a)
==26437==    by 0x41CFC2A: ssl3_connect (in /lib/libssl.so.0.9.7a)
==26437==    by 0x41DC939: SSL_connect (in /lib/libssl.so.0.9.7a)
==26437==    by 0x403DF47: open_client_SSL (fe-secure.c:1161)
==26437==    by 0x403C903: pqsecure_open_client (fe-secure.c:284)
==26437==    by 0x402908F: PQconnectPoll (fe-connect.c:2113)
==26437==    by 0x4028301: connectDBComplete (fe-connect.c:1463)

and

==26437== Use of uninitialised value of size 4
==26437==    at 0x42387A5: BN_num_bits_word (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x4238833: BN_num_bits (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x423788A: BN_mod_exp_mont_consttime (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x4237657: BN_mod_exp_mont (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x424A51D: ??? (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x424A1DB: ??? (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x424A061: DH_generate_key (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x41D1EF9: ??? (in /lib/libssl.so.0.9.7a)
==26437==    by 0x41CFD1E: ssl3_connect (in /lib/libssl.so.0.9.7a)
==26437==    by 0x41DC939: SSL_connect (in /lib/libssl.so.0.9.7a)
==26437==    by 0x403DF47: open_client_SSL (fe-secure.c:1161)
==26437==    by 0x403C903: pqsecure_open_client (fe-secure.c:284)

All in the same call of SSL_connect in open_client_SSL.

I've never worked with SSL, but it looks to me like something in the SSL
data structure is uninitialized. Don't know if that's a serious problem
or not.

Yours,
Laurenz Albe

