SSL memory bug?
mdounin at mdounin.ru
Mon Sep 29 12:17:50 UTC 2014
On Mon, Sep 29, 2014 at 02:03:08PM +0530, Fasih wrote:
> I was looking at ngx_event_openssl.c, when I saw this.
> if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_certificate_index, x509)
> == 0)
> ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
> "SSL_CTX_set_ex_data() failed");
> return NGX_ERROR;
> We just free the memory that is then used in
> ngx_ssl_session_id_context (introduced in 1.6.2). I havent tried to
> repro the error, but looks like a bug to me. PFA a suggested patch.
The SSL_CTX_use_certificate() call will grab a reference to the
certificate, so X509_free() here will not really free the memory.
More information about the nginx-devel