Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 7484:65074e13f171
SSL: missing free calls in $ssl_client_s_dn and $ssl_client_i_dn.
If X509_get_issuer_name() or X509_get_subject_name() returned NULL,
this could lead to a certificate reference leak. It cannot happen
in practice though, since each function returns an internal pointer
to a mandatory subfield of the certificate successfully decoded by
d2i_X509() during certificate message processing (closes #1751).
author | Nikolay Morozov <n.morozov@securitycode.ru> |
---|---|
date | Tue, 26 Mar 2019 09:33:57 +0300 |
parents | c74904a17021 |
children | b99cbafd51da |
comparison
equal
deleted
inserted
replaced
7483:1144c122e370 | 7484:65074e13f171 |
---|---|
4620 return NGX_OK; | 4620 return NGX_OK; |
4621 } | 4621 } |
4622 | 4622 |
4623 name = X509_get_subject_name(cert); | 4623 name = X509_get_subject_name(cert); |
4624 if (name == NULL) { | 4624 if (name == NULL) { |
4625 X509_free(cert); | |
4625 return NGX_ERROR; | 4626 return NGX_ERROR; |
4626 } | 4627 } |
4627 | 4628 |
4628 bio = BIO_new(BIO_s_mem()); | 4629 bio = BIO_new(BIO_s_mem()); |
4629 if (bio == NULL) { | 4630 if (bio == NULL) { |
4671 return NGX_OK; | 4672 return NGX_OK; |
4672 } | 4673 } |
4673 | 4674 |
4674 name = X509_get_issuer_name(cert); | 4675 name = X509_get_issuer_name(cert); |
4675 if (name == NULL) { | 4676 if (name == NULL) { |
4677 X509_free(cert); | |
4676 return NGX_ERROR; | 4678 return NGX_ERROR; |
4677 } | 4679 } |
4678 | 4680 |
4679 bio = BIO_new(BIO_s_mem()); | 4681 bio = BIO_new(BIO_s_mem()); |
4680 if (bio == NULL) { | 4682 if (bio == NULL) { |