Mercurial > hg > nginx
comparison src/stream/ngx_stream_ssl_module.c @ 6870:0a08a8babf53
Stream: fixed handling of non-ssl sessions.
A missing check could cause ngx_stream_ssl_handler() to be applied
to a non-ssl session, which resulted in a null pointer dereference
if ssl_verify_client is enabled.
The bug had appeared in 1.11.8 (41cb1b64561d).
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Thu, 19 Jan 2017 16:17:05 +0300 |
parents | 41cb1b64561d |
children | 1818acd8442f |
comparison
equal
deleted
inserted
replaced
6869:b2915d99ee8d | 6870:0a08a8babf53 |
---|---|
285 long rc; | 285 long rc; |
286 X509 *cert; | 286 X509 *cert; |
287 ngx_connection_t *c; | 287 ngx_connection_t *c; |
288 ngx_stream_ssl_conf_t *sslcf; | 288 ngx_stream_ssl_conf_t *sslcf; |
289 | 289 |
290 if (!s->ssl) { | |
291 return NGX_OK; | |
292 } | |
293 | |
290 c = s->connection; | 294 c = s->connection; |
291 | 295 |
292 sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module); | 296 sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module); |
293 | 297 |
294 if (s->ssl && c->ssl == NULL) { | 298 if (c->ssl == NULL) { |
295 c->log->action = "SSL handshaking"; | 299 c->log->action = "SSL handshaking"; |
296 | 300 |
297 if (sslcf->ssl.ctx == NULL) { | 301 if (sslcf->ssl.ctx == NULL) { |
298 ngx_log_error(NGX_LOG_ERR, c->log, 0, | 302 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
299 "no \"ssl_certificate\" is defined " | 303 "no \"ssl_certificate\" is defined " |