Fix memory leak when rejecting bogus DH parameters.

While back-patching e0e569e1d, I noted that there were some other
places where we ought to be applying DH_free(); namely, where we
load some DH parameters from a file and then reject them as not
being sufficiently secure.  While it seems really unlikely that
anybody would hit these code paths in production, let alone do
so repeatedly, let's fix it for consistency.

Back-patch to v10 where this code was introduced.

Discussion: https://postgr.es/m/16160-18367e56e9a28264@postgresql.org

diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index 7495a970fa43e694cd47e1c11592089ecf0c5ee3..f0186d546a12966fe5f643a62f985d61e4ad469b 100644 (file)
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -935,6 +935,7 @@ load_dh_file(char *filename, bool isServerStart)
                (errcode(ERRCODE_CONFIG_FILE_ERROR),
                 errmsg("invalid DH parameters: %s",
                        SSLerrmessage(ERR_get_error()))));
+       DH_free(dh);
        return NULL;
    }
    if (codes & DH_CHECK_P_NOT_PRIME)
@@ -942,6 +943,7 @@ load_dh_file(char *filename, bool isServerStart)
        ereport(isServerStart ? FATAL : LOG,
                (errcode(ERRCODE_CONFIG_FILE_ERROR),
                 errmsg("invalid DH parameters: p is not prime")));
+       DH_free(dh);
        return NULL;
    }
    if ((codes & DH_NOT_SUITABLE_GENERATOR) &&
@@ -950,6 +952,7 @@ load_dh_file(char *filename, bool isServerStart)
        ereport(isServerStart ? FATAL : LOG,
                (errcode(ERRCODE_CONFIG_FILE_ERROR),
                 errmsg("invalid DH parameters: neither suitable generator or safe prime")));
+       DH_free(dh);
        return NULL;
    }