[nginx] OCSP: fixed certificate reference leak.

Sergey Kandaurov
July 23, 2020 10:44AM
details: https://hg.nginx.org/nginx/rev/d752a2c76d49
branches:
changeset: 7687:d752a2c76d49
user: Sergey Kandaurov <pluknet@nginx.com>
date: Thu Jul 23 17:31:09 2020 +0300
description:
OCSP: fixed certificate reference leak.

diffstat:

src/event/ngx_event_openssl_stapling.c | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)

diffs (67 lines):

diff -r 1f3bf1734a77 -r d752a2c76d49 src/event/ngx_event_openssl_stapling.c
--- a/src/event/ngx_event_openssl_stapling.c Wed Jul 22 22:16:19 2020 +0300
+++ b/src/event/ngx_event_openssl_stapling.c Thu Jul 23 17:31:09 2020 +0300
@@ -883,6 +883,7 @@ ngx_ssl_ocsp_validate(ngx_connection_t *

ocsp = ngx_pcalloc(c->pool, sizeof(ngx_ssl_ocsp_t));
if (ocsp == NULL) {
+ X509_free(cert);
return NGX_ERROR;
}

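Review bot: the earliest release added is on the ngx_pcalloc() failure at line 883, but the hunk context does not show where cert is obtained, so the diff alone cannot confirm that no return between that acquisition and this branch still leaks the reference. Please confirm that, and consider naming in the commit message the call that takes the reference, since the description is only the one-line summary.
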
@@ -899,6 +900,7 @@ ngx_ssl_ocsp_validate(ngx_connection_t *
if (ocsp->certs) {
ocsp->certs = X509_chain_up_ref(ocsp->certs);
if (ocsp->certs == NULL) {
+ X509_free(cert);
return NGX_ERROR;
}
}
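
Review bot: the X509_chain_up_ref() failure branch returns NGX_ERROR with no log line, while the later failure branches in this function each call ngx_ssl_error() first. Since the branch is being touched anyway, consider adding `ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "X509_chain_up_ref() failed");` ahead of the new X509_free(cert) so this failure can be told apart from the others.
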
@@ -910,6 +912,7 @@ ngx_ssl_ocsp_validate(ngx_connection_t *
if (store == NULL) {
ngx_ssl_error(NGX_LOG_ERR, c->log, 0,
"SSL_CTX_get_cert_store() failed");
+ X509_free(cert);
return NGX_ERROR;
}

@@ -917,6 +920,7 @@ ngx_ssl_ocsp_validate(ngx_connection_t *
if (store_ctx == NULL) {
ngx_ssl_error(NGX_LOG_ERR, c->log, 0,
"X509_STORE_CTX_new() failed");
+ X509_free(cert);
return NGX_ERROR;
}

@@ -926,6 +930,7 @@ ngx_ssl_ocsp_validate(ngx_connection_t *
ngx_ssl_error(NGX_LOG_ERR, c->log, 0,
"X509_STORE_CTX_init() failed");
X509_STORE_CTX_free(store_ctx);
+ X509_free(cert);
return NGX_ERROR;
}

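Review bot: from the X509_STORE_CTX_init() branch onward every error return needs two releases, X509_STORE_CTX_free(store_ctx) and now X509_free(cert), and the pair is repeated by hand in three branches. A branch added later that forgets one of them brings the leak back. Consider a single cleanup label at the end of the function that releases both (with store_ctx checked for NULL) and a goto from each error branch, so ownership is handled in one place.
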
@@ -933,6 +938,7 @@ ngx_ssl_ocsp_validate(ngx_connection_t *
if (rc <= 0) {
ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "X509_verify_cert() failed");
X509_STORE_CTX_free(store_ctx);
+ X509_free(cert);
return NGX_ERROR;
}

@@ -941,12 +947,15 @@ ngx_ssl_ocsp_validate(ngx_connection_t *
ngx_ssl_error(NGX_LOG_ERR, c->log, 0,
"X509_STORE_CTX_get1_chain() failed");
X509_STORE_CTX_free(store_ctx);
+ X509_free(cert);
return NGX_ERROR;
}

X509_STORE_CTX_free(store_ctx);
}

+ X509_free(cert);
+
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
"ssl ocsp validate, certs:%d", sk_X509_num(ocsp->certs));

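Review bot: the success-path X509_free(cert) is placed before the debug log and whatever follows it, so nothing after this point may dereference cert. The visible lines indicate ocsp->certs carries its own references (taken through X509_chain_up_ref() or X509_STORE_CTX_get1_chain()), which is what makes dropping cert here safe. Please confirm that no later statement in ngx_ssl_ocsp_validate() still uses cert, or move the release to just after its last use.
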
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel