From 020426268ff6acaa140780336eb1c50b034cb893 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 22 Jun 2026 12:59:16 -0400 Subject: [PATCH] pgcrypto: avoid recursive ResourceOwnerForget(). Raising an error within a function using an OSSLCipher object led to a complaint from ResourceOwnerForget and then a double-free crash, because ResOwnerReleaseOSSLCipher forgot to unhook the OSSLCipher object from its owner. (The sibling logic for OSSLDigest objects got this right, as did every other ReleaseResource function AFAICS.) Oversight in cd694f60d. Bug: #19527 Reported-by: Yuelin Wang <3020001251@tju.edu.cn> Author: Yuelin Wang <3020001251@tju.edu.cn> Reviewed-by: Tom Lane Discussion: https://postgr.es/m/19527-6e7686960c6dce78@postgresql.org Backpatch-through: 17 --- contrib/pgcrypto/openssl.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/pgcrypto/openssl.c b/contrib/pgcrypto/openssl.c index f179e80c842..51f28799a41 100644 --- a/contrib/pgcrypto/openssl.c +++ b/contrib/pgcrypto/openssl.c @@ -832,7 +832,10 @@ px_find_cipher(const char *name, PX_Cipher **res) static void ResOwnerReleaseOSSLCipher(Datum res) { - free_openssl_cipher((OSSLCipher *) DatumGetPointer(res)); + OSSLCipher *cipher = (OSSLCipher *) DatumGetPointer(res); + + cipher->owner = NULL; + free_openssl_cipher(cipher); } /*