[nginx] SSL: fixed potential leak on memory allocation errors.

Maxim Dounin mdounin at mdounin.ru
Sun Mar 3 14:27:04 UTC 2019


details:   https://hg.nginx.org/nginx/rev/8981dbb12254
branches:  
changeset: 7473:8981dbb12254
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Sun Mar 03 16:48:39 2019 +0300
description:
SSL: fixed potential leak on memory allocation errors.

If ngx_pool_cleanup_add() fails, we have to clean just created SSL context
manually, thus appropriate call added.

Additionally, ngx_pool_cleanup_add() moved closer to ngx_ssl_create() in
the ngx_http_ssl_module, to make sure there are no leaks due to intermediate
code.

diffstat:

 src/http/modules/ngx_http_grpc_module.c  |   1 +
 src/http/modules/ngx_http_proxy_module.c |   1 +
 src/http/modules/ngx_http_ssl_module.c   |  17 +++++++++--------
 src/http/modules/ngx_http_uwsgi_module.c |   1 +
 src/mail/ngx_mail_ssl_module.c           |   1 +
 src/stream/ngx_stream_proxy_module.c     |   1 +
 src/stream/ngx_stream_ssl_module.c       |   1 +
 7 files changed, 15 insertions(+), 8 deletions(-)

diffs (100 lines):

diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -4650,6 +4650,7 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ng
 
     cln = ngx_pool_cleanup_add(cf->pool, 0);
     if (cln == NULL) {
+        ngx_ssl_cleanup_ctx(glcf->upstream.ssl);
         return NGX_ERROR;
     }
 
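Review bot: After the added `ngx_ssl_cleanup_ctx(glcf->upstream.ssl);` the `glcf->upstream.ssl` field still points at an object whose SSL context has just been released, and nothing in this error branch clears it. Whether anything reads the field again after `NGX_ERROR` is returned is not visible here (configuration loading presumably aborts), so this is hardening rather than a confirmed bug: adding `glcf->upstream.ssl = NULL;` before the return would make any later access fail on a NULL pointer rather than touch freed state. The proxy, uwsgi and stream proxy hunks have the same shape. In the http SSL module hunk, where `conf->ssl.ctx` is visible, the equivalent would be `conf->ssl.ctx = NULL;`, and presumably likewise for the mail and stream SSL modules. The enclosing function starts and ends outside the hunk.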
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -4270,6 +4270,7 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, n
 
     cln = ngx_pool_cleanup_add(cf->pool, 0);
     if (cln == NULL) {
+        ngx_ssl_cleanup_ctx(plcf->upstream.ssl);
         return NGX_ERROR;
     }
 
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -700,6 +700,15 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
         return NGX_CONF_ERROR;
     }
 
+    cln = ngx_pool_cleanup_add(cf->pool, 0);
+    if (cln == NULL) {
+        ngx_ssl_cleanup_ctx(&conf->ssl);
+        return NGX_CONF_ERROR;
+    }
+
+    cln->handler = ngx_ssl_cleanup_ctx;
+    cln->data = &conf->ssl;
+
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 
     if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
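Review bot: The placement of the cleanup registration is now load-bearing but undocumented: it has to stay directly after the context is created, or code later inserted between the two can reintroduce the leak this commit fixes. A short comment above `cln = ngx_pool_cleanup_add(cf->pool, 0);` would record that, for example `/* register cleanup before anything else can fail, so later error returns do not leak conf->ssl */`. The `ngx_ssl_create()` call itself is above the hunk, and the hunk ends inside the `SSL_CTX_set_tlsext_servername_callback()` condition, so the rest of the function is not visible here.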
@@ -723,14 +732,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
                                           ngx_http_ssl_npn_advertised, NULL);
 #endif
 
-    cln = ngx_pool_cleanup_add(cf->pool, 0);
-    if (cln == NULL) {
-        return NGX_CONF_ERROR;
-    }
-
-    cln->handler = ngx_ssl_cleanup_ctx;
-    cln->data = &conf->ssl;
-
     if (ngx_http_ssl_compile_certificates(cf, conf) != NGX_OK) {
         return NGX_CONF_ERROR;
     }
diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -2359,6 +2359,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, n
 
     cln = ngx_pool_cleanup_add(cf->pool, 0);
     if (cln == NULL) {
+        ngx_ssl_cleanup_ctx(uwcf->upstream.ssl);
         return NGX_ERROR;
     }
 
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -370,6 +370,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, 
 
     cln = ngx_pool_cleanup_add(cf->pool, 0);
     if (cln == NULL) {
+        ngx_ssl_cleanup_ctx(&conf->ssl);
         return NGX_CONF_ERROR;
     }
 
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -2096,6 +2096,7 @@ ngx_stream_proxy_set_ssl(ngx_conf_t *cf,
 
     cln = ngx_pool_cleanup_add(cf->pool, 0);
     if (cln == NULL) {
+        ngx_ssl_cleanup_ctx(pscf->ssl);
         return NGX_ERROR;
     }
 
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -690,6 +690,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf
 
     cln = ngx_pool_cleanup_add(cf->pool, 0);
     if (cln == NULL) {
+        ngx_ssl_cleanup_ctx(&conf->ssl);
         return NGX_CONF_ERROR;
     }
 

