Mercurial > hg > nginx
comparison src/event/ngx_event_openssl_stapling.c @ 6064:ff957cd36860
OCSP stapling: missing free calls.
Missing call to X509_STORE_CTX_free when X509_STORE_CTX_init fails.
Missing call to OCSP_CERTID_free when OCSP_request_add0_id fails.
Possible leaks in vary particular scenariis of memory shortage.
author | Filipe da Silva <fdasilva@ingima.com> |
---|---|
date | Wed, 01 Apr 2015 15:05:08 +0200 |
parents | 4d092aa2f463 |
children | 6893a1007a7c |
comparison
equal
deleted
inserted
replaced
6063:d698c300b9ff | 6064:ff957cd36860 |
---|---|
308 } | 308 } |
309 | 309 |
310 if (X509_STORE_CTX_init(store_ctx, store, NULL, NULL) == 0) { | 310 if (X509_STORE_CTX_init(store_ctx, store, NULL, NULL) == 0) { |
311 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | 311 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, |
312 "X509_STORE_CTX_init() failed"); | 312 "X509_STORE_CTX_init() failed"); |
313 X509_STORE_CTX_free(store_ctx); | |
313 return NGX_ERROR; | 314 return NGX_ERROR; |
314 } | 315 } |
315 | 316 |
316 rc = X509_STORE_CTX_get1_issuer(&issuer, store_ctx, cert); | 317 rc = X509_STORE_CTX_get1_issuer(&issuer, store_ctx, cert); |
317 | 318 |
1116 } | 1117 } |
1117 | 1118 |
1118 if (OCSP_request_add0_id(ocsp, id) == NULL) { | 1119 if (OCSP_request_add0_id(ocsp, id) == NULL) { |
1119 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0, | 1120 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0, |
1120 "OCSP_request_add0_id() failed"); | 1121 "OCSP_request_add0_id() failed"); |
1122 OCSP_CERTID_free(id); | |
1121 goto failed; | 1123 goto failed; |
1122 } | 1124 } |
1123 | 1125 |
1124 len = i2d_OCSP_REQUEST(ocsp, NULL); | 1126 len = i2d_OCSP_REQUEST(ocsp, NULL); |
1125 if (len <= 0) { | 1127 if (len <= 0) { |