Welcome! Log In Create A New Profile

Advanced

[nginx] Upstream: plugged potential memory leak on reload.

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
April 18, 2014 12:34PM
details: http://hg.nginx.org/nginx/rev/3fb6615bb87f
branches:
changeset: 5659:3fb6615bb87f
user: Maxim Dounin <mdounin@mdounin.ru>
date: Fri Apr 18 20:13:24 2014 +0400
description:
Upstream: plugged potential memory leak on reload.

The SSL_CTX_set_cipher_list() may fail if there are no valid ciphers
specified in proxy_ssl_ciphers / uwsgi_ssl_ciphers, resulting in
SSL context leak.

In theory, ngx_pool_cleanup_add() may fail too, but this case is
intentionally left out for now as it's almost impossible and proper fix
will require changes to http ssl and mail ssl code as well.

diffstat:

src/http/modules/ngx_http_proxy_module.c | 16 ++++++++--------
src/http/modules/ngx_http_uwsgi_module.c | 16 ++++++++--------
2 files changed, 16 insertions(+), 16 deletions(-)

diffs (66 lines):

diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -3774,6 +3774,14 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, n
return NGX_ERROR;
}

+ cln = ngx_pool_cleanup_add(cf->pool, 0);
+ if (cln == NULL) {
+ return NGX_ERROR;
+ }
+
+ cln->handler = ngx_ssl_cleanup_ctx;
+ cln->data = plcf->upstream.ssl;
+
if (SSL_CTX_set_cipher_list(plcf->upstream.ssl->ctx,
(const char *) plcf->ssl_ciphers.data)
== 0)
@@ -3784,14 +3792,6 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, n
return NGX_ERROR;
}

- cln = ngx_pool_cleanup_add(cf->pool, 0);
- if (cln == NULL) {
- return NGX_ERROR;
- }
-
- cln->handler = ngx_ssl_cleanup_ctx;
- cln->data = plcf->upstream.ssl;
-
return NGX_OK;
}

diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -2012,6 +2012,14 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, n
return NGX_ERROR;
}

+ cln = ngx_pool_cleanup_add(cf->pool, 0);
+ if (cln == NULL) {
+ return NGX_ERROR;
+ }
+
+ cln->handler = ngx_ssl_cleanup_ctx;
+ cln->data = uwcf->upstream.ssl;
+
if (SSL_CTX_set_cipher_list(uwcf->upstream.ssl->ctx,
(const char *) uwcf->ssl_ciphers.data)
== 0)
@@ -2022,14 +2030,6 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, n
return NGX_ERROR;
}

- cln = ngx_pool_cleanup_add(cf->pool, 0);
- if (cln == NULL) {
- return NGX_ERROR;
- }
-
- cln->handler = ngx_ssl_cleanup_ctx;
- cln->data = uwcf->upstream.ssl;
-
return NGX_OK;
}


_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[nginx] Upstream: plugged potential memory leak on reload.

Maxim Dounin 706 April 18, 2014 12:34PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 160
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready