changeset 7484:65074e13f171

SSL: missing free calls in $ssl_client_s_dn and $ssl_client_i_dn. If X509_get_issuer_name() or X509_get_subject_name() returned NULL, this could lead to a certificate reference leak. It cannot happen in practice though, since each function returns an internal pointer to a mandatory subfield of the certificate successfully decoded by d2i_X509() during certificate message processing (closes #1751).
author Nikolay Morozov <n.morozov@securitycode.ru>
date Tue, 26 Mar 2019 09:33:57 +0300
parents 1144c122e370
children edf5cd6c56fa
files src/event/ngx_event_openssl.c
diffstat 1 files changed, 2 insertions(+), 0 deletions(-)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -4622,6 +4622,7 @@ ngx_ssl_get_subject_dn(ngx_connection_t 
 
     name = X509_get_subject_name(cert);
     if (name == NULL) {
+        X509_free(cert);
         return NGX_ERROR;
     }
 
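Review bot: the new X509_free(cert) in the name == NULL branch of ngx_ssl_get_subject_dn() carries no comment, although the commit message states that this branch cannot be reached in practice. A one-line comment at the branch saying the free is defensive, because X509_get_subject_name() returns an internal pointer to a mandatory subfield of a decoded certificate, would keep a later reader from treating it as a live error path or from removing the check as dead code without also reviewing the release of cert.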
@@ -4673,6 +4674,7 @@ ngx_ssl_get_issuer_dn(ngx_connection_t *
 
     name = X509_get_issuer_name(cert);
     if (name == NULL) {
+        X509_free(cert);
         return NGX_ERROR;
     }
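Review bot: the name == NULL branch of ngx_ssl_get_issuer_dn() now repeats the same X509_free(cert); return NGX_ERROR; pair that the first hunk adds to ngx_ssl_get_subject_dn(). The visible context does not show the other error returns of this function, so it is worth confirming that each of them releases cert too. If they do, routing all of them through one cleanup label would keep the release in a single place and make a future early return less likely to leak the certificate reference.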