comparison src/http/modules/ngx_http_uwsgi_module.c @ 5659:3fb6615bb87f

Upstream: plugged potential memory leak on reload. The SSL_CTX_set_cipher_list() may fail if there are no valid ciphers specified in proxy_ssl_ciphers / uwsgi_ssl_ciphers, resulting in SSL context leak. In theory, ngx_pool_cleanup_add() may fail too, but this case is intentionally left out for now as it's almost impossible and proper fix will require changes to http ssl and mail ssl code as well.
author Maxim Dounin <mdounin@mdounin.ru>
date Fri, 18 Apr 2014 20:13:24 +0400
parents d15822784cf9
children 3cb79707516a
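--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -2010,27 +2010,27 @@
 != NGX_OK)
 {
 return NGX_ERROR;
 }
 
+cln = ngx_pool_cleanup_add(cf->pool, 0);
+if (cln == NULL) {
+return NGX_ERROR;
+}
+
+cln->handler = ngx_ssl_cleanup_ctx;
+cln->data = uwcf->upstream.ssl;
+
 if (SSL_CTX_set_cipher_list(uwcf->upstream.ssl->ctx,
 (const char *) uwcf->ssl_ciphers.data)
 == 0)
 {
 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
 "SSL_CTX_set_cipher_list(\"%V\") failed",
 &uwcf->ssl_ciphers);
 return NGX_ERROR;
 }
 
-cln = ngx_pool_cleanup_add(cf->pool, 0);
-if (cln == NULL) {
-return NGX_ERROR;
-}
-
-cln->handler = ngx_ssl_cleanup_ctx;
-cln->data = uwcf->upstream.ssl;
-
 return NGX_OK;
 }
 
 #endif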
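Review bot: The relocated `ngx_pool_cleanup_add()` block at new lines 2015-2021 has no comment saying that its position is what prevents the leak, so a later edit that adds another fallible step above it would quietly reintroduce the problem. I would add above it `/* register the cleanup before any call that can fail, so the SSL context is released on every error return */`. The enclosing function begins outside the hunk; the call ending in `!= NGX_OK` just above is presumably the one that creates the context, so nothing else that can fail should sit between it and the registration.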