PostgreSQL 17: Bug in libpq when libpq is dlopened/closed multiple times

Dear PostgreSQL developers,

my colleagues and I probably found a bug in libpq when libpq is dlopened
and closed multiple times during the lifetime of a process. In our setup
we use a PAM module which links to libpq. The process using PAM is
linked against openssl, so openssl is loaded during the complete
lifetime of the process whereas libpq is loaded only during PAM
authentication (and unloaded when PAM has finished).

We observed the bug on a Debian 13 system using libpq from Debian. To
reproduce the bug, compile the attached c file using the following gcc
command line:

gcc libpq1-dlopen.c -Wall -Wextra -o libpq1-dlopen -ldl -lssl -lcrypto

Then run the binary with a postgresql connection string as an argument.
The connection string has to include 'sslmode=require'. The program will
in a loop try to dlopen libpq, then connect to the server, finish the
connection and unload libpq.

According to our findings every time a connection is established after
dlopening libpq one of the 127 available BIO_METHOD structures in
OpenSSL is consumed:
https://github.com/postgres/postgres/blob/REL_17_9/src/interfaces/libpq/fe-secure-openssl.c#L1987

So after 127 cycles registering the callbacks fails and in our use case
the application is no longer able to authenticate using PAM. As a
workaround we LD_PRELOAD libpq in the application.

I am not subscribed yet to the mailing list, so please CC me.

Thank you,

Daniel
--
Daniel Schreiber
Facharbeitsgruppe Systemsoftware
Universitaetsrechenzentrum

Technische Universität Chemnitz
Straße der Nationen 62 (Raum B303)
09111 Chemnitz
Germany

Tel: +49 371 531 35444