Mercurial > hg > nginx-quic
comparison src/http/modules/ngx_http_ssl_module.c @ 7473:8981dbb12254
SSL: fixed potential leak on memory allocation errors.
If ngx_pool_cleanup_add() fails, we have to clean just created SSL context
manually, thus appropriate call added.
Additionally, ngx_pool_cleanup_add() moved closer to ngx_ssl_create() in
the ngx_http_ssl_module, to make sure there are no leaks due to intermediate
code.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sun, 03 Mar 2019 16:48:39 +0300 |
parents | 48c87377aabd |
children | ef7ee19776db |
comparison
equal
deleted
inserted
replaced
7472:d430babbe643 | 7473:8981dbb12254 |
---|---|
698 | 698 |
699 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) { | 699 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) { |
700 return NGX_CONF_ERROR; | 700 return NGX_CONF_ERROR; |
701 } | 701 } |
702 | 702 |
703 cln = ngx_pool_cleanup_add(cf->pool, 0); | |
704 if (cln == NULL) { | |
705 ngx_ssl_cleanup_ctx(&conf->ssl); | |
706 return NGX_CONF_ERROR; | |
707 } | |
708 | |
709 cln->handler = ngx_ssl_cleanup_ctx; | |
710 cln->data = &conf->ssl; | |
711 | |
703 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME | 712 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME |
704 | 713 |
705 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, | 714 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, |
706 ngx_http_ssl_servername) | 715 ngx_http_ssl_servername) |
707 == 0) | 716 == 0) |
720 | 729 |
721 #ifdef TLSEXT_TYPE_next_proto_neg | 730 #ifdef TLSEXT_TYPE_next_proto_neg |
722 SSL_CTX_set_next_protos_advertised_cb(conf->ssl.ctx, | 731 SSL_CTX_set_next_protos_advertised_cb(conf->ssl.ctx, |
723 ngx_http_ssl_npn_advertised, NULL); | 732 ngx_http_ssl_npn_advertised, NULL); |
724 #endif | 733 #endif |
725 | |
726 cln = ngx_pool_cleanup_add(cf->pool, 0); | |
727 if (cln == NULL) { | |
728 return NGX_CONF_ERROR; | |
729 } | |
730 | |
731 cln->handler = ngx_ssl_cleanup_ctx; | |
732 cln->data = &conf->ssl; | |
733 | 734 |
734 if (ngx_http_ssl_compile_certificates(cf, conf) != NGX_OK) { | 735 if (ngx_http_ssl_compile_certificates(cf, conf) != NGX_OK) { |
735 return NGX_CONF_ERROR; | 736 return NGX_CONF_ERROR; |
736 } | 737 } |
737 | 738 |