[nginx] SSL: X509_NAME_oneline() error handling.

Maxim Dounin
February 20, 2021 11:22AM
details: https://hg.nginx.org/nginx/rev/018a09b766ef
branches:
changeset: 7779:018a09b766ef
user: Maxim Dounin <mdounin@mdounin.ru>
date: Sat Feb 20 18:02:49 2021 +0300
description:
SSL: X509_NAME_oneline() error handling.

diffstat:

src/event/ngx_event_openssl.c | 44 +++++++++++++++++++++++++++++++++++++-----
1 files changed, 38 insertions(+), 6 deletions(-)

diffs (77 lines):

diff -r 549b13cd793b -r 018a09b766ef src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Sat Feb 20 12:44:26 2021 +0300
+++ b/src/event/ngx_event_openssl.c Sat Feb 20 18:02:49 2021 +0300
@@ -1019,21 +1019,43 @@ ngx_ssl_verify_callback(int ok, X509_STO
depth = X509_STORE_CTX_get_error_depth(x509_store);

sname = X509_get_subject_name(cert);
- subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)";
+
+ if (sname) {
+ subject = X509_NAME_oneline(sname, NULL, 0);
+ if (subject == NULL) {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
+ "X509_NAME_oneline() failed");
+ }
+
+ } else {
+ subject = NULL;
+ }

iname = X509_get_issuer_name(cert);
- issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)";
+
+ if (iname) {
+ issuer = X509_NAME_oneline(iname, NULL, 0);
+ if (issuer == NULL) {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
+ "X509_NAME_oneline() failed");
+ }
+
+ } else {
+ issuer = NULL;
+ }

ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
"verify:%d, error:%d, depth:%d, "
"subject:\"%s\", issuer:\"%s\"",
- ok, err, depth, subject, issuer);
-
- if (sname) {
+ ok, err, depth,
+ subject ? subject : "(none)",
+ issuer ? issuer : "(none)");
+
+ if (subject) {
OPENSSL_free(subject);
}

- if (iname) {
+ if (issuer) {
OPENSSL_free(issuer);
}
#endif
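
Review bot: In ngx_ssl_verify_callback() the subject and issuer branches log the same "X509_NAME_oneline() failed" alert, and on failure the debug line then prints "(none)", which is exactly what it prints when the certificate has no subject or issuer name at all. Neither the alert nor the debug output says which conversion failed. Consider naming the field in each alert (for example by adding "subject" or "issuer" to the message text), or moving the repeated if/else block into a small helper that takes the label as an argument.
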
@@ -4900,6 +4922,11 @@ ngx_ssl_get_subject_dn_legacy(ngx_connec
}

p = X509_NAME_oneline(name, NULL, 0);
+ if (p == NULL) {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_oneline() failed");
+ X509_free(cert);
+ return NGX_ERROR;
+ }

for (len = 0; p[len]; len++) { /* void */ }

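Review bot: The commit description is only the title, so it does not record why the check added after `p = X509_NAME_oneline(name, NULL, 0);` in ngx_ssl_get_subject_dn_legacy() is needed: the loop that follows, `for (len = 0; p[len]; len++)`, reads through p unconditionally and would dereference NULL if the call failed. A sentence in the description stating that, and that the function now returns NGX_ERROR in this case, would help anyone assessing whether the change needs backporting. The error path itself looks complete for the visible lines: cert is released with X509_free() before the return, and there is no string to free since p is NULL.
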
@@ -4943,6 +4970,11 @@ ngx_ssl_get_issuer_dn_legacy(ngx_connect
}

p = X509_NAME_oneline(name, NULL, 0);
+ if (p == NULL) {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_oneline() failed");
+ X509_free(cert);
+ return NGX_ERROR;
+ }

for (len = 0; p[len]; len++) { /* void */ }

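Review bot: The five added lines in ngx_ssl_get_issuer_dn_legacy() are a verbatim copy of the ones added to ngx_ssl_get_subject_dn_legacy(), down to the alert text, so a logged failure cannot be attributed to the issuer or the subject lookup. Both functions follow the same pattern around this call (X509_NAME_oneline(), then the length loop), so a shared static helper that takes the X509_NAME and does the NULL check and logging once would keep the two paths from drifting apart. Failing that, make the message say which DN was being converted.
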
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel