db/pgbackrest
1
0
Fork 0
mirror of https://github.com/pgbackrest/pgbackrest.git synced 2025-09-16 09:06:18 +02:00
Code Issues Releases Activity

Fix leak in TlsClient object.

Browse Source 
sckClientOpen() is the most likely part of this code to error so move it up above SSL session creation to reduce the chance of a leak.
This commit is contained in:
David Steele
2020-05-06 18:17:50 -04:00
parent e677929802
commit 28967951ab
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/common/io/tls/client.c
View File

@@ -281,7 +281,11 @@ tlsClientOpen(TlsClient *this)
TRY_BEGIN() TRY_BEGIN()
{ {
// Create internal TLS session // Open the socket session first since this is mostly likely to fail
SocketSession *socketSession = sckClientOpen(this->socketClient);
// Create internal TLS session. If there is a failure before the TlsSession object is created there may be a leak
// of the TLS session but this is likely to result in program termination so it doesn't seem worth coding for.
cryptoError((session = SSL_new(this->context)) == NULL, "unable to create TLS session"); cryptoError((session = SSL_new(this->context)) == NULL, "unable to create TLS session");
// Set server host name used for validation // Set server host name used for validation
@@ -290,11 +294,10 @@ tlsClientOpen(TlsClient *this)
"unable to set TLS host name"); "unable to set TLS host name");
// Create the TLS session // Create the TLS session
result = tlsSessionNew(session, sckClientOpen(this->socketClient), this->timeout); result = tlsSessionNew(session, socketSession, this->timeout);
} }
CATCH_ANY() CATCH_ANY()
{ {
tlsSessionFree(result);
result = NULL; result = NULL;
// Retry if wait time has not expired // Retry if wait time has not expired