[PATCH] Avoid using the result of i2d_SSL_SESSION when the session is invalid
Maxim Dounin
mdounin at mdounin.ru
Mon Jun 19 14:59:39 UTC 2017
Hello!
On Mon, Jun 19, 2017 at 04:09:43PM +0200, Bart Warmerdam wrote:
> According to the man-page of i2d_SSL_SESSION the result can be NULL or
> 0, but the actual result can also be -1 in case of a failed
> CRYPTO_malloc. The call trace for this function is:
>
> Call chain:
> i2d_SSL_SESSION
> i2d_SSL_SESSION_ASN1
> ASN1_item_i2d
> asn1_item_flags_i2d
>
>
> The preprocessor output generates the following code:
>
> static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
>                                const ASN1_ITEM *it, int flags)
> {
>     if (out && !*out) {
This condition cannot be true, as nginx uses a preallocated buffer
for i2d_SSL_SESSION().
(Moreover, using a preallocated buffer is the only
approach documented in the i2d_SSL_SESSION() manual page, and the
only one actually available before OpenSSL 1.1.0.)
[...]
--
Maxim Dounin
http://nginx.org/
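
The calling convention discussed in this message, as an added example that is not part of the original post and is neither OpenSSL nor nginx code. `model_i2d`, `serialize_prealloc`, `serialize_alloc`, `fail_alloc` and the `SAMPLE` bytes are hypothetical stand-ins that model only what the thread describes: an allocating branch taken when `out && !*out`, which returns -1 on a failed allocation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an encoded session; not real session data. */
static const unsigned char SAMPLE[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
static int fail_alloc = 0;  /* knob: simulate a failed allocation */

/* Hypothetical model of the i2d convention (assumption, not library code):
 *   out == NULL  -> length only;  *out == NULL -> allocate, -1 on failure;
 *   *out != NULL -> write into the caller's buffer and advance *out.      */
static int model_i2d(const unsigned char *src, int len, unsigned char **out)
{
    if (out && !*out) {                 /* the branch quoted in the thread */
        unsigned char *buf = fail_alloc ? NULL : malloc((size_t)len);
        if (buf == NULL)
            return -1;
        memcpy(buf, src, (size_t)len);
        *out = buf;
        return len;
    }
    if (out) {
        memcpy(*out, src, (size_t)len);
        *out += len;
    }
    return len;
}

/* Preallocated-buffer caller: query the length, bound it, then encode.
 * The allocating branch is never entered because p is non-NULL. */
static int serialize_prealloc(unsigned char *buf, int cap)
{
    unsigned char *p = buf;
    int len = model_i2d(SAMPLE, (int)sizeof(SAMPLE), NULL);
    if (len <= 0 || len > cap)
        return -1;
    return model_i2d(SAMPLE, len, &p);
}

/* Allocating caller: this is the one that must handle a -1 result. */
static int serialize_alloc(unsigned char **res)
{
    *res = NULL;
    return model_i2d(SAMPLE, (int)sizeof(SAMPLE), res);
}

int main(void)
{
    unsigned char buf[16], *res;
    fail_alloc = 1;
    printf("prealloc=%d alloc=%d\n", serialize_prealloc(buf, sizeof buf), serialize_alloc(&res));
    return 0;
}
```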