comparison src/http/modules/ngx_http_uwsgi_module.c @ 5659:3fb6615bb87f
Upstream: plugged potential memory leak on reload.
The SSL_CTX_set_cipher_list() may fail if there are no valid ciphers
specified in proxy_ssl_ciphers / uwsgi_ssl_ciphers, resulting in
SSL context leak.
In theory, ngx_pool_cleanup_add() may fail too, but this case is
intentionally left out for now as it's almost impossible and proper fix
will require changes to http ssl and mail ssl code as well.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 18 Apr 2014 20:13:24 +0400 |
parents | d15822784cf9 |
children | 3cb79707516a |
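--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -2010,27 +2010,27 @@
 != NGX_OK)
 {
 return NGX_ERROR;
 }
 
+cln = ngx_pool_cleanup_add(cf->pool, 0);
+if (cln == NULL) {
+return NGX_ERROR;
+}
+
+cln->handler = ngx_ssl_cleanup_ctx;
+cln->data = uwcf->upstream.ssl;
+
 if (SSL_CTX_set_cipher_list(uwcf->upstream.ssl->ctx,
 (const char *) uwcf->ssl_ciphers.data)
 == 0)
 {
 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
 "SSL_CTX_set_cipher_list(\"%V\") failed",
 &uwcf->ssl_ciphers);
 return NGX_ERROR;
 }
 
-cln = ngx_pool_cleanup_add(cf->pool, 0);
-if (cln == NULL) {
-return NGX_ERROR;
-}
-
-cln->handler = ngx_ssl_cleanup_ctx;
-cln->data = uwcf->upstream.ssl;
-
 return NGX_OK;
 }
 
 #endif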
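Review bot: The relocated `ngx_pool_cleanup_add()` block at new lines 2015-2021 has no comment stating that it must stay ahead of `SSL_CTX_set_cipher_list()`, so the ordering that fixes the leak is invisible to the next person who edits this function. A later change that inserts another fallible SSL_CTX call above the registration, or moves the registration back to the end, would silently bring back the leaked context on the `return NGX_ERROR` path. I would add a comment above `cln = ngx_pool_cleanup_add(cf->pool, 0);` such as `/* register the cleanup handler before any call that can fail, so the SSL context is released on every error return */`. The function starts outside this hunk, including the call whose `!= NGX_OK` result is tested at line 2010, so it is worth confirming that nothing else that can fail sits between context creation and this registration.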