[nginx] SSL: fixed $ssl_session_id possible segfault after 97e37...

Maxim Dounin mdounin at mdounin.ru
Mon Feb 10 13:36:49 UTC 2014


details:   http://hg.nginx.org/nginx/rev/5a38f9609d85
branches:  stable-1.4
changeset: 5567:5a38f9609d85
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Thu Jan 23 18:32:26 2014 +0400
description:
SSL: fixed $ssl_session_id possible segfault after 97e3769637a7.

Even during execution of a request it is possible that there will be
no session available, notably in case of renegotiation.  As a result
logging of $ssl_session_id in some cases caused NULL pointer dereference
after revision 97e3769637a7 (1.5.9).  The check added returns an empty
string if there is no session available.

diffstat:

 src/event/ngx_event_openssl.c |  4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diffs (14 lines):

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2233,6 +2233,10 @@ ngx_ssl_get_session_id(ngx_connection_t 
     SSL_SESSION  *sess;
 
     sess = SSL_get0_session(c->ssl->connection);
+    if (sess == NULL) {
+        s->len = 0;
+        return NGX_OK;
+    }
 
     buf = sess->session_id;
     len = sess->session_id_length;



More information about the nginx-devel mailing list