Welcome! Log In Create A New Profile

Advanced

Prevent derefencing NULL pointer when OCSP body contains no nextUpdate element

Baldwin, Matthew
July 09, 2015 02:54PM
Hi!

If nextUpdate is NULL when processing an OCSP response, nginx will core with SIGSEGV in ngx_ssl_stapling_time when calling ASN1_GENERALIZEDTIME_print

The following patch against nginx-1.9.2 prevents this:

diff -rupN a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
--- a/src/event/ngx_event_openssl_stapling.c 2015-06-16 14:49:43.000000000 +0000
+++ b/src/event/ngx_event_openssl_stapling.c 2015-07-09 17:16:24.337289920 +0000
@@ -636,6 +636,12 @@ ngx_ssl_stapling_ocsp_handler(ngx_ssl_oc
goto error;
}

+ if (nextupdate == NULL) {
+ ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
+ "NULL nextUpdate time in certificate status");
+ goto error;
+ }
+
valid = ngx_ssl_stapling_time(nextupdate);
if (valid == (time_t) NGX_ERROR) {
ngx_log_error(NGX_LOG_ERR, ctx->log, 0,

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

Prevent derefencing NULL pointer when OCSP body contains no nextUpdate element

Baldwin, Matthew 678 July 09, 2015 02:54PM

Re: Prevent derefencing NULL pointer when OCSP body contains no nextUpdate element

Maxim Dounin 312 July 13, 2015 01:36PM

RE: Prevent derefencing NULL pointer when OCSP body contains no nextUpdate element

Baldwin, Matthew 421 July 13, 2015 03:22PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 148
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready