Skip site navigation (1) Skip section navigation (2)

Re: BUG #2260: PGCrypto Memory Problem

From: Marko Kreen <marko(at)l-t(dot)ee>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Michael Fuhr <mike(at)fuhr(dot)org>,Daniel Blaisdell <lunk(dot)djedi(at)gmail(dot)com>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #2260: PGCrypto Memory Problem
Date: 2006-02-16 14:17:21
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-bugs
On Wed, Feb 15, 2006 at 03:02:45PM -0500, Tom Lane wrote:
> Michael Fuhr <mike(at)fuhr(dot)org> writes:
> > My non-OpenSSL build shows no memory leak, so the leak and OpenSSL
> > seem to be correlated.  I'd be more inclined to suspect a bug in
> > pgcrypto's OpenSSL-specific code than in OpenSSL itself.  Will keep
> > digging.
> The problem appears to be here:
> static void
> digest_finish(PX_MD * h, uint8 *dst)
> {
>     EVP_MD_CTX *ctx = (EVP_MD_CTX *) h->p.ptr;
>     const EVP_MD *md = EVP_MD_CTX_md(ctx);
>     EVP_DigestFinal(ctx, dst, NULL);
>     /*
>      * Some builds of 0.9.7x clear all of ctx in EVP_DigestFinal. Fix it by
>      * reinitializing ctx.
>      */
>     EVP_DigestInit(ctx, md);
> }
> It looks like this results in a leak of the entire OpenSSL context for
> each call to pg_crypt.  Marko, I trust you've got a better solution for
> this ...

Seems it's another bug in OpenSSL backwards compatibility code.
'man EVP_DigestInit':


  EVP_DigestFinal() is similar to EVP_DigestFinal_ex()
  except the digest context ctx is automatically cleaned up.


  EVP_DigestFinal() retrieves the digest value from ctx
  and places it in md. If the s parameter is not NULL then the
  number of bytes of data written (i.e. the length of the digest)
  will be written to the integer at s, at most EVP_MAX_MD_SIZE
  bytes will be written.  After calling EVP_DigestFinal() no
  additional calls to EVP_DigestUpdate() can be made, but
  EVP_DigestInit() can be called to initialize a new digest

But I have planned converting it to newer *_ex interface,
I just didn't bother as I hoped OpenSSL compatibility code
works fine.  Seems they don't do much testing of older
interfaces, so the fix should be conversion of digest
functions to newer interface.

I'll send a patch ASAP.


In response to

pgsql-bugs by date

Next:From: James HughesDate: 2006-02-16 15:33:48
Subject: BUG #2268: initdb fails to initialize database cluster with error "Access is denied"
Previous:From: Gerhard LutzDate: 2006-02-16 14:06:52
Subject: BUG #2267: Accessing large objects via ODBC

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group