Mercurial > hg > nginx
comparison src/stream/ngx_stream_ssl_module.c @ 6870:0a08a8babf53
Stream: fixed handling of non-ssl sessions.
A missing check could cause ngx_stream_ssl_handler() to be applied
to a non-ssl session, which resulted in a null pointer dereference
if ssl_verify_client is enabled.
The bug had appeared in 1.11.8 (41cb1b64561d).
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Thu, 19 Jan 2017 16:17:05 +0300 |
| parents | 41cb1b64561d |
| children | 1818acd8442f |
comparison
equal
deleted
inserted
replaced
| 6869:b2915d99ee8d | 6870:0a08a8babf53 |
|---|---|
| 285 long rc; | 285 long rc; |
| 286 X509 *cert; | 286 X509 *cert; |
| 287 ngx_connection_t *c; | 287 ngx_connection_t *c; |
| 288 ngx_stream_ssl_conf_t *sslcf; | 288 ngx_stream_ssl_conf_t *sslcf; |
| 289 | 289 |
| 290 if (!s->ssl) { | |
| 291 return NGX_OK; | |
| 292 } | |
| 293 | |
| 290 c = s->connection; | 294 c = s->connection; |
| 291 | 295 |
| 292 sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module); | 296 sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module); |
| 293 | 297 |
| 294 if (s->ssl && c->ssl == NULL) { | 298 if (c->ssl == NULL) { |
| 295 c->log->action = "SSL handshaking"; | 299 c->log->action = "SSL handshaking"; |
| 296 | 300 |
| 297 if (sslcf->ssl.ctx == NULL) { | 301 if (sslcf->ssl.ctx == NULL) { |
| 298 ngx_log_error(NGX_LOG_ERR, c->log, 0, | 302 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
| 299 "no \"ssl_certificate\" is defined " | 303 "no \"ssl_certificate\" is defined " |