nginx: src/http/modules/ngx_http_ssl

comparison src/http/modules/ngx_http_ssl_module.c @ 7473:8981dbb12254

SSL: fixed potential leak on memory allocation errors. If ngx_pool_cleanup_add() fails, we have to clean just created SSL context manually, thus appropriate call added. Additionally, ngx_pool_cleanup_add() moved closer to ngx_ssl_create() in the ngx_http_ssl_module, to make sure there are no leaks due to intermediate code.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Sun, 03 Mar 2019 16:48:39 +0300
parents	48c87377aabd
children	ef7ee19776db

comparison

equal deleted inserted replaced

-:d430babbe643
+:8981dbb12254
 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
+cln = ngx_pool_cleanup_add(cf->pool, 0);
+if (cln == NULL) {
+ngx_ssl_cleanup_ctx(&conf->ssl);
+return NGX_CONF_ERROR;
+}
+cln->handler = ngx_ssl_cleanup_ctx;
+cln->data = &conf->ssl;
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
 ngx_http_ssl_servername)
 == 0)
 #ifdef TLSEXT_TYPE_next_proto_neg
 SSL_CTX_set_next_protos_advertised_cb(conf->ssl.ctx,
 ngx_http_ssl_npn_advertised, NULL);
 #endif
-cln = ngx_pool_cleanup_add(cf->pool, 0);
-if (cln == NULL) {
-return NGX_CONF_ERROR;
-}
-cln->handler = ngx_ssl_cleanup_ctx;
-cln->data = &conf->ssl;
 if (ngx_http_ssl_compile_certificates(cf, conf) != NGX_OK) {
 return NGX_CONF_ERROR;
 }

Mercurial > hg > nginx

comparison src/http/modules/ngx_http_ssl_module.c @ 7473:8981dbb12254