SSL memory bug?

Maxim Dounin mdounin at mdounin.ru
Mon Sep 29 12:17:50 UTC 2014


Hello!

On Mon, Sep 29, 2014 at 02:03:08PM +0530, Fasih wrote:

> Hi
> 
> I was looking at ngx_event_openssl.c, when I saw this.
> 
>       if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_certificate_index, x509)
>           == 0)
>       {
>           ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
>                         "SSL_CTX_set_ex_data() failed");
>           X509_free(x509);
>           BIO_free(bio);
>           return NGX_ERROR;
>       }
> 
>       X509_free(x509);
> 
> 
> We just free the memory that is then used in
> 
> ngx_ssl_session_id_context (introduced in 1.6.2). I haven't tried to
> repro the error, but looks like a bug to me. PFA a suggested patch.

The SSL_CTX_use_certificate() call will grab a reference to the 
certificate, so X509_free() here will not really free the memory.

-- 
Maxim Dounin
http://nginx.org/
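
The reference counting described in the reply above, as an added example that is not part of the original thread and is neither OpenSSL nor nginx code. It is a toy model: `cert_t`, `ctx_t` and all function names are hypothetical stand-ins, and it assumes the certificate was handed to the context (the `SSL_CTX_use_certificate()` step) before the quoted lines run.

```c
/* Toy model of the ownership rules in the reply above; not OpenSSL or nginx code.
 * cert_t, ctx_t and every function name here are hypothetical stand-ins. */
#include <stdio.h>
#include <stdlib.h>
static int live_certs = 0;                 /* certificates currently allocated */
typedef struct { int refs; } cert_t;       /* stands in for X509 */
typedef struct {                           /* stands in for SSL_CTX */
    cert_t *cert;                          /* owning reference */
    cert_t *ex_data;                       /* borrowed pointer, not counted */
} ctx_t;

cert_t *cert_new(void) {
    cert_t *c = malloc(sizeof(*c));
    if (c == NULL) return NULL;
    c->refs = 1; live_certs++;             /* the creator holds the first reference */
    return c;
}

void cert_free(cert_t *c) {                /* like X509_free(): drop one reference */
    if (c != NULL && --c->refs == 0) { free(c); live_certs--; }
}

void ctx_use_certificate(ctx_t *ctx, cert_t *c) {
    c->refs++;                             /* the context takes its own reference */
    cert_free(ctx->cert);                  /* release any certificate held before */
    ctx->cert = c;
}

void ctx_set_ex_data(ctx_t *ctx, cert_t *c) { ctx->ex_data = c; }  /* no refcount change */
void ctx_free(ctx_t *ctx) { cert_free(ctx->cert); ctx->cert = ctx->ex_data = NULL; }

/* Same order as the quoted snippet; returns the refcount seen through ex_data. */
int load_then_free(ctx_t *ctx) {
    cert_t *c = cert_new();
    if (c == NULL) return -1;
    ctx_use_certificate(ctx, c);           /* refs == 2 */
    ctx_set_ex_data(ctx, c);               /* refs still 2 */
    cert_free(c);                          /* refs == 1: object stays allocated */
    return ctx->ex_data->refs;
}

int main(void) {
    ctx_t ctx = {0};
    int refs = load_then_free(&ctx);
    printf("refs after caller's free: %d, live certs: %d\n", refs, live_certs);
    ctx_free(&ctx);                        /* only now is the certificate released */
    printf("live certs after ctx_free: %d\n", live_certs);
    return 0;
}
```

The borrowed `ex_data` pointer is valid only while the context keeps its own reference, which is why the model clears it in `ctx_free()`.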


