Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 7484:65074e13f171
SSL: missing free calls in $ssl_client_s_dn and $ssl_client_i_dn.
If X509_get_issuer_name() or X509_get_subject_name() returned NULL,
this could lead to a certificate reference leak. It cannot happen
in practice though, since each function returns an internal pointer
to a mandatory subfield of the certificate successfully decoded by
d2i_X509() during certificate message processing (closes #1751).
| author | Nikolay Morozov <n.morozov@securitycode.ru> |
|---|---|
| date | Tue, 26 Mar 2019 09:33:57 +0300 |
| parents | c74904a17021 |
| children | b99cbafd51da |
comparison
equal
deleted
inserted
replaced
| 7483:1144c122e370 | 7484:65074e13f171 |
|---|---|
| 4620 return NGX_OK; | 4620 return NGX_OK; |
| 4621 } | 4621 } |
| 4622 | 4622 |
| 4623 name = X509_get_subject_name(cert); | 4623 name = X509_get_subject_name(cert); |
| 4624 if (name == NULL) { | 4624 if (name == NULL) { |
| 4625 X509_free(cert); | |
| 4625 return NGX_ERROR; | 4626 return NGX_ERROR; |
| 4626 } | 4627 } |
| 4627 | 4628 |
| 4628 bio = BIO_new(BIO_s_mem()); | 4629 bio = BIO_new(BIO_s_mem()); |
| 4629 if (bio == NULL) { | 4630 if (bio == NULL) { |
| 4671 return NGX_OK; | 4672 return NGX_OK; |
| 4672 } | 4673 } |
| 4673 | 4674 |
| 4674 name = X509_get_issuer_name(cert); | 4675 name = X509_get_issuer_name(cert); |
| 4675 if (name == NULL) { | 4676 if (name == NULL) { |
| 4677 X509_free(cert); | |
| 4676 return NGX_ERROR; | 4678 return NGX_ERROR; |
| 4677 } | 4679 } |
| 4678 | 4680 |
| 4679 bio = BIO_new(BIO_s_mem()); | 4681 bio = BIO_new(BIO_s_mem()); |
| 4680 if (bio == NULL) { | 4682 if (bio == NULL) { |