Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 5567:5a38f9609d85 stable-1.4
SSL: fixed $ssl_session_id possible segfault after 97e3769637a7.
Even during execution of a request it is possible that there will be
no session available, notably in case of renegotiation. As a result
logging of $ssl_session_id in some cases caused NULL pointer dereference
after revision 97e3769637a7 (1.5.9). The check added returns an empty
string if there is no session available.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 23 Jan 2014 18:32:26 +0400 |
| parents | 70f4d99ded41 |
| children |
comparison
equal
deleted
inserted
replaced
| 5566:70f4d99ded41 | 5567:5a38f9609d85 |
|---|---|
| 2231 int len; | 2231 int len; |
| 2232 u_char *buf; | 2232 u_char *buf; |
| 2233 SSL_SESSION *sess; | 2233 SSL_SESSION *sess; |
| 2234 | 2234 |
| 2235 sess = SSL_get0_session(c->ssl->connection); | 2235 sess = SSL_get0_session(c->ssl->connection); |
| 2236 if (sess == NULL) { | |
| 2237 s->len = 0; | |
| 2238 return NGX_OK; | |
| 2239 } | |
| 2236 | 2240 |
| 2237 buf = sess->session_id; | 2241 buf = sess->session_id; |
| 2238 len = sess->session_id_length; | 2242 len = sess->session_id_length; |
| 2239 | 2243 |
| 2240 s->len = 2 * len; | 2244 s->len = 2 * len; |