Fix for OpenSSL error queue bug

From: Peter Geoghegan <pg(at)heroku(dot)com>
To: Pg Hackers <pgsql-hackers(at)postgresql(dot)org>
Cc: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, David Zuelke <dz(at)heroku(dot)com>
Subject: Fix for OpenSSL error queue bug
Date: 2016-02-05 10:04:07
Message-ID: CAM3SWZSOJ1p-6jE+h8iii6WboBmyFHuJto=S2Fk==y1wLV3pSQ@mail.gmail.com
Lists: pgsql-hackers

Attached patch fixes an issue reported by William Felipe Welter about
a year ago [1]. It is loosely based on his original patch.

As Heikki goes into on that thread, the appropriate action seems to be
to constantly reset the error queue, and to make sure that we
ourselves clear the queue consistently. (Note that we might not have
consistently called ERR_get_error() in the event of an OOM within
SSLerrmessage(), for example). I have not changed backend code in the
patch, though; I felt that we had enough control of the general
situation there for it to be unnecessary to lock everything down.

The interface that OpenSSL exposes for all of this is very poorly
thought out. It's not exactly clear how a client of OpenSSL can be a
"good citizen" in handling the error queue. Correctly using the
library is only ever described in terms of a very exact thing that
must happen or must not happen. There is no overarching concept of how
things fit together so that each OpenSSL client doesn't clobber the
other. It's all rather impractical. Clearly, this patch needs careful
review.

[1] http://www.postgresql.org/message-id/flat/20150224030956(dot)2529(dot)83279(at)wrigleys(dot)postgresql(dot)org#20150224030956(dot)2529(dot)83279@wrigleys.postgresql.org
--
Peter Geoghegan

Attachment Content-Type Size
0001-Distrust-external-OpenSSL-clients-clear-err-queue.patch text/x-patch 12.5 KB
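The clobbering described above, as an added example that is not from the post or the attached patch: a constructed C model of the per-thread error queue, using stand-in names errq_push/errq_pop/errq_clear rather than OpenSSL's own API, showing how a reporter that stops draining early leaves an entry that a later, unrelated call reads as its own error, and how either draining fully or clearing before the call prevents it.

```c
#include <string.h>

/* Constructed model of OpenSSL's per-thread error queue (not OpenSSL's code
 * and not the attached patch): the library pushes error codes, and whoever
 * calls the "get" routine next pops them, whatever SSL call caused them. */
#define ERRQ_MAX 16
static unsigned long errq[ERRQ_MAX];
static int errq_len;

static void errq_push(unsigned long code)      /* stands in for ERR_put_error() */
{
    if (errq_len < ERRQ_MAX) errq[errq_len++] = code;
}
static unsigned long errq_pop(void)            /* stands in for ERR_get_error() */
{
    if (errq_len == 0) return 0;               /* 0 means "queue empty" */
    unsigned long c = errq[0];
    memmove(errq, errq + 1, (size_t)(--errq_len) * sizeof errq[0]);
    return c;
}
static void errq_clear(void) { errq_len = 0; } /* stands in for ERR_clear_error() */

/* The defect described in the message: the reporter pops one entry and then
 * bails (say, on OOM while formatting), leaving later entries queued. */
static unsigned long report_first_only(void) { return errq_pop(); }

/* The disciplined reporter: drain every entry so nothing stale survives. */
static unsigned long report_and_drain(void)
{
    unsigned long first = errq_pop(), c;
    while ((c = errq_pop()) != 0) { /* discard leftovers */ }
    return first;
}

/* Returns the code an unrelated, successful SSL call made later would read
 * from the queue: 0 is correct, anything else is a stale error it never caused. */
static unsigned long scenario(int drain_fully, int clear_before_call)
{
    errq_clear();
    errq_push(1001);                           /* constructed error codes */
    errq_push(1002);
    (void)(drain_fully ? report_and_drain() : report_first_only());
    if (clear_before_call) errq_clear();       /* the patch's "reset before the call" */
    return errq_pop();                         /* the successful call pushed nothing */
}
```

scenario(0, 0) returns 1002, the stale entry misattributed to the later call; scenario(1, 0) and scenario(0, 1) both return 0.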
