The postmaster contains this code just before it waits for input:
#ifdef USE_SSL
for (curr = DLGetHead(PortList); curr; curr = DLGetSucc(curr))
{
if (((Port *) DLE_VAL(curr))->ssl &&
SSL_pending(((Port *) DLE_VAL(curr))->ssl) > 0)
{
no_select = true;
break;
}
}
if (no_select)
FD_ZERO(&rmask); /* So we don't accept() anything below */
#endif
I am not sure exactly what SSL_pending() is defined to mean, but as
near as I can tell, whenever SSL_pending() returns true, the postmaster
will completely ignore every other input-ready condition. This spells
"denial of service" from where I sit: a nonresponsive SSL client will
cause the postmaster to freeze up for all other clients.
Can anyone who knows about SSL defend or even explain the above code?
I am strongly inclined to just dike it out.
regards, tom lane
