# HG changeset patch # User Vladimir Homutov # Date 1484831825 -10800 # Node ID 0a08a8babf53a3ba1074587fcecdc32624eed2eb # Parent b2915d99ee8da5aaa9a9011dfc30f33bb700ff60 Stream: fixed handling of non-ssl sessions. A missing check could cause ngx_stream_ssl_handler() to be applied to a non-ssl session, which resulted in a null pointer dereference if ssl_verify_client is enabled. The bug had appeared in 1.11.8 (41cb1b64561d). diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -287,11 +287,15 @@ ngx_stream_ssl_handler(ngx_stream_sessio ngx_connection_t *c; ngx_stream_ssl_conf_t *sslcf; + if (!s->ssl) { + return NGX_OK; + } + c = s->connection; sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module); - if (s->ssl && c->ssl == NULL) { + if (c->ssl == NULL) { c->log->action = "SSL handshaking"; if (sslcf->ssl.ctx == NULL) {