Mercurial > hg > nginx
comparison src/event/ngx_event_openssl_stapling.c @ 6064:ff957cd36860
OCSP stapling: missing free calls.
Missing call to X509_STORE_CTX_free when X509_STORE_CTX_init fails.
Missing call to OCSP_CERTID_free when OCSP_request_add0_id fails.
Possible leaks in vary particular scenariis of memory shortage.
| author | Filipe da Silva <fdasilva@ingima.com> |
|---|---|
| date | Wed, 01 Apr 2015 15:05:08 +0200 |
| parents | 4d092aa2f463 |
| children | 6893a1007a7c |
comparison
equal
deleted
inserted
replaced
| 6063:d698c300b9ff | 6064:ff957cd36860 |
|---|---|
| 308 } | 308 } |
| 309 | 309 |
| 310 if (X509_STORE_CTX_init(store_ctx, store, NULL, NULL) == 0) { | 310 if (X509_STORE_CTX_init(store_ctx, store, NULL, NULL) == 0) { |
| 311 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | 311 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, |
| 312 "X509_STORE_CTX_init() failed"); | 312 "X509_STORE_CTX_init() failed"); |
| 313 X509_STORE_CTX_free(store_ctx); | |
| 313 return NGX_ERROR; | 314 return NGX_ERROR; |
| 314 } | 315 } |
| 315 | 316 |
| 316 rc = X509_STORE_CTX_get1_issuer(&issuer, store_ctx, cert); | 317 rc = X509_STORE_CTX_get1_issuer(&issuer, store_ctx, cert); |
| 317 | 318 |
| 1116 } | 1117 } |
| 1117 | 1118 |
| 1118 if (OCSP_request_add0_id(ocsp, id) == NULL) { | 1119 if (OCSP_request_add0_id(ocsp, id) == NULL) { |
| 1119 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0, | 1120 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0, |
| 1120 "OCSP_request_add0_id() failed"); | 1121 "OCSP_request_add0_id() failed"); |
| 1122 OCSP_CERTID_free(id); | |
| 1121 goto failed; | 1123 goto failed; |
| 1122 } | 1124 } |
| 1123 | 1125 |
| 1124 len = i2d_OCSP_REQUEST(ocsp, NULL); | 1126 len = i2d_OCSP_REQUEST(ocsp, NULL); |
| 1125 if (len <= 0) { | 1127 if (len <= 0) { |