[nginx] SSL: fixed $ssl_session_id possible segfault after 97e37...
Maxim Dounin
mdounin at mdounin.ru
Mon Feb 10 13:36:49 UTC 2014
details: http://hg.nginx.org/nginx/rev/5a38f9609d85
branches: stable-1.4
changeset: 5567:5a38f9609d85
user: Maxim Dounin <mdounin at mdounin.ru>
date: Thu Jan 23 18:32:26 2014 +0400
description:
SSL: fixed $ssl_session_id possible segfault after 97e3769637a7.
Even during execution of a request it is possible that there will be
no session available, notably in case of renegotiation. As a result
logging of $ssl_session_id in some cases caused NULL pointer dereference
after revision 97e3769637a7 (1.5.9). The check added returns an empty
string if there is no session available.
diffstat:
src/event/ngx_event_openssl.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diffs (14 lines):
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2233,6 +2233,10 @@ ngx_ssl_get_session_id(ngx_connection_t
SSL_SESSION *sess;
sess = SSL_get0_session(c->ssl->connection);
+ if (sess == NULL) {
+ s->len = 0;
+ return NGX_OK;
+ }
buf = sess->session_id;
len = sess->session_id_length;
More information about the nginx-devel
mailing list