SSL memory bug?

Fasihullah Askiri fasihullah.askiri at gmail.com
Mon Sep 29 14:23:15 UTC 2014


Thanks Maxim

Yeah, I had earlier tried to run this with valgrind and saw that
valgrind wasnt reporting an issue, also saw from the openssl code it
seems to be dereferencing. But the man page doesnt mention
dereferencing anywhere. For my information, can you please point me to
some documentation in openssl that says so. I use X509_free elsewhere
and I have used it as free (and not as a deref). Should I open a doc
ticket (if there is any) in openssl?

On Mon, Sep 29, 2014 at 5:47 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> Hello!
>
> On Mon, Sep 29, 2014 at 02:03:08PM +0530, Fasih wrote:
>
>> Hi
>>
>> I was looking at ngx_event_openssl.c, when I saw this.
>>
>>       if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_certificate_index, x509)
>>           == 0)
>>       {
>>           ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
>>                         "SSL_CTX_set_ex_data() failed");
>>           X509_free(x509);
>>           BIO_free(bio);
>>           return NGX_ERROR;
>>       }
>>
>>       X509_free(x509);
>>
>>
>> We just free the memory that is then used in
>>
>> ngx_ssl_session_id_context (introduced in 1.6.2). I havent tried to
>> repro the error, but looks like a bug to me. PFA a suggested patch.
>
> The SSL_CTX_use_certificate() call will grab a reference to the
> certificate, so X509_free() here will not really free the memory.
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel



-- 
+Fasih

Life is 10% what happens to you and 90% how you react to it



More information about the nginx-devel mailing list