Uninitialized SSL values? (was: Fix for bug in ldapServiceLookup in libpq)

From: "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at>
To: "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at>, "Tom Lane *EXTERN*" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: "pgsql-hackers" <pgsql-hackers(at)postgresql(dot)org>
Subject: Uninitialized SSL values? (was: Fix for bug in ldapServiceLookup in libpq)
Date: 2011-05-12 12:33:24
Message-ID: D960CB61B694CF459DCFB4B0128514C20668FD45@exadv11.host.magwien.gv.at
Lists: pgsql-hackers

I wrote:
>>> I have found a small but annoying bug in libpq where
>>> connection parameters are resolved via LDAP.
>
> I have attached a new version of the patch that should address all known
> problems.

FWIW, I ran valgrind on psql establishing an SSL connection, and I found
some messages like this:

==26437== Conditional jump or move depends on uninitialised value(s)
==26437== at 0x423DDC8: BN_mod_inverse (in /lib/libcrypto.so.0.9.7a)
==26437== by 0x4241EDC: BN_MONT_CTX_set (in /lib/libcrypto.so.0.9.7a)
==26437== by 0x4243E28: ??? (in /lib/libcrypto.so.0.9.7a)
==26437== by 0x424553D: RSA_public_decrypt (in /lib/libcrypto.so.0.9.7a)
==26437== by 0x4245F15: RSA_verify (in /lib/libcrypto.so.0.9.7a)
==26437== by 0x41D1192: ??? (in /lib/libssl.so.0.9.7a)
==26437== by 0x41CFC2A: ssl3_connect (in /lib/libssl.so.0.9.7a)
==26437== by 0x41DC939: SSL_connect (in /lib/libssl.so.0.9.7a)
==26437== by 0x403DF47: open_client_SSL (fe-secure.c:1161)
==26437== by 0x403C903: pqsecure_open_client (fe-secure.c:284)
==26437== by 0x402908F: PQconnectPoll (fe-connect.c:2113)
==26437== by 0x4028301: connectDBComplete (fe-connect.c:1463)

and

==26437== Use of uninitialised value of size 4
==26437== at 0x42387A5: BN_num_bits_word (in /lib/libcrypto.so.0.9.7a)
==26437== by 0x4238833: BN_num_bits (in /lib/libcrypto.so.0.9.7a)
==26437== by 0x423788A: BN_mod_exp_mont_consttime (in /lib/libcrypto.so.0.9.7a)
==26437== by 0x4237657: BN_mod_exp_mont (in /lib/libcrypto.so.0.9.7a)
==26437== by 0x424A51D: ??? (in /lib/libcrypto.so.0.9.7a)
==26437== by 0x424A1DB: ??? (in /lib/libcrypto.so.0.9.7a)
==26437== by 0x424A061: DH_generate_key (in /lib/libcrypto.so.0.9.7a)
==26437== by 0x41D1EF9: ??? (in /lib/libssl.so.0.9.7a)
==26437== by 0x41CFD1E: ssl3_connect (in /lib/libssl.so.0.9.7a)
==26437== by 0x41DC939: SSL_connect (in /lib/libssl.so.0.9.7a)
==26437== by 0x403DF47: open_client_SSL (fe-secure.c:1161)
==26437== by 0x403C903: pqsecure_open_client (fe-secure.c:284)

All in the same call of SSL_connect in open_client_SSL.

I've never worked with SSL, but it looks to me like something in the SSL
data structure is uninitialized. Don't know if that's a serious problem
or not.

Yours,
Laurenz Albe
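
A triage sketch for traces like the ones in the message above, added here as an example and not part of the original post or of PostgreSQL: it groups Memcheck reports by the first frame that carries file:line debug info, which shows both reports converging on one SSL_connect call. The function names parse_reports, call_site and group_by_call_site are hypothetical, and the sample input is abridged from the quoted traces.

```python
import re
from collections import defaultdict
# Constructed sample: two reports abridged from the quoted traces, one frame left mail-wrapped.
SAMPLE = """\
==26437== Conditional jump or move depends on uninitialised value(s)
==26437== at 0x423DDC8: BN_mod_inverse (in /lib/libcrypto.so.0.9.7a)
==26437== by 0x41DC939: SSL_connect (in /lib/libssl.so.0.9.7a)
==26437== by 0x403DF47: open_client_SSL (fe-secure.c:1161)

==26437== Use of uninitialised value of size 4
==26437== at 0x42387A5: BN_num_bits_word (in
/lib/libcrypto.so.0.9.7a)
==26437== by 0x41DC939: SSL_connect (in /lib/libssl.so.0.9.7a)
==26437== by 0x403DF47: open_client_SSL (fe-secure.c:1161)
"""

FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")
HEADER = re.compile(r"^==\d+==\s+(\S.*)$")

def parse_reports(text):
    """Split Memcheck output into reports: {'kind': str, 'frames': [(func, loc)]}."""
    lines = []
    for raw in text.splitlines():
        if lines and raw.strip() and not raw.startswith("=="):
            lines[-1] += " " + raw.strip()  # rejoin a mail-wrapped frame
        else:
            lines.append(raw)
    reports = []
    for line in lines:
        if (m := FRAME.match(line)) and reports:
            reports[-1]["frames"].append(m.groups())
        elif not m and (h := HEADER.match(line)):
            reports.append({"kind": h.group(1), "frames": []})
    return reports

def call_site(report):
    """Return (last library function, first frame carrying file:line debug info)."""
    callee = None
    for func, loc in report["frames"]:
        if not loc.startswith("in "):  # heuristic: "in /path/lib.so" means no debug info
            return callee, f"{func} ({loc})"
        callee = func
    return callee, None

def group_by_call_site(text):
    groups = defaultdict(list)
    for report in parse_reports(text):
        groups[call_site(report)].append(report["kind"])
    return dict(groups)
```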
