[nginx] SSL: missing free calls in $ssl_client_s_dn and $ssl_client_i_dn.

[Sergey Kandaurov]

details:   https://hg.nginx.org/nginx/rev/65074e13f171
branches:  
changeset: 7484:65074e13f171
user:      Nikolay Morozov <n.morozov at securitycode.ru>
date:      Tue Mar 26 09:33:57 2019 +0300
description:
SSL: missing free calls in $ssl_client_s_dn and $ssl_client_i_dn.

If X509_get_issuer_name() or X509_get_subject_name() returned NULL,
this could lead to a certificate reference leak.  It cannot happen
in practice though, since each function returns an internal pointer
to a mandatory subfield of the certificate successfully decoded by
d2i_X509() during certificate message processing (closes #1751).

diffstat:

 src/event/ngx_event_openssl.c |  2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diffs (19 lines):

diff -r 1144c122e370 -r 65074e13f171 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c	Tue Mar 26 18:25:08 2019 +0300
+++ b/src/event/ngx_event_openssl.c	Tue Mar 26 09:33:57 2019 +0300
@@ -4622,6 +4622,7 @@ ngx_ssl_get_subject_dn(ngx_connection_t 
 
     name = X509_get_subject_name(cert);
     if (name == NULL) {
+        X509_free(cert);
         return NGX_ERROR;
     }
 
@@ -4673,6 +4674,7 @@ ngx_ssl_get_issuer_dn(ngx_connection_t *
 
     name = X509_get_issuer_name(cert);
     if (name == NULL) {
+        X509_free(cert);
         return NGX_ERROR;
     }