[nginx] OCSP stapling: missing free calls.
Maxim Dounin
mdounin at mdounin.ru
Thu Apr 2 19:10:49 UTC 2015
details: http://hg.nginx.org/nginx/rev/ff957cd36860
branches:
changeset: 6064:ff957cd36860
user: Filipe da Silva <fdasilva at ingima.com>
date: Wed Apr 01 15:05:08 2015 +0200
description:
OCSP stapling: missing free calls.
Missing call to X509_STORE_CTX_free when X509_STORE_CTX_init fails.
Missing call to OCSP_CERTID_free when OCSP_request_add0_id fails.
Possible leaks in very particular scenarios of memory shortage.
diffstat:
src/event/ngx_event_openssl_stapling.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diffs (19 lines):
diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c
@@ -310,6 +310,7 @@ ngx_ssl_stapling_issuer(ngx_conf_t *cf,
if (X509_STORE_CTX_init(store_ctx, store, NULL, NULL) == 0) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"X509_STORE_CTX_init() failed");
+ X509_STORE_CTX_free(store_ctx);
return NGX_ERROR;
}
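Review bot: The cleanup on the X509_STORE_CTX_init() failure branch is done inline, directly before `return NGX_ERROR;`, which means every other early return in ngx_ssl_stapling_issuer() that runs after store_ctx is allocated has to repeat the same X509_STORE_CTX_free(store_ctx) call by hand. That pattern is how this leak got in to begin with. Consider routing these exits through a single cleanup label, as ngx_ssl_ocsp_create_request() does with `goto failed;`, so the free lives in one place. The remaining return paths are outside this hunk and should be checked for the same omission while this is being touched.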
@@ -1118,6 +1119,7 @@ ngx_ssl_ocsp_create_request(ngx_ssl_ocsp
if (OCSP_request_add0_id(ocsp, id) == NULL) {
ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
"OCSP_request_add0_id() failed");
+ OCSP_CERTID_free(id);
goto failed;
}
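Review bot: The ownership rule behind the new OCSP_CERTID_free(id) on the OCSP_request_add0_id() failure branch is not documented, and it is easy to get wrong later. As an add0 call, OCSP_request_add0_id() takes ownership of id only when it succeeds, so id must be freed here and must not be freed again once the call has succeeded. A one-line comment saying so at this branch would help. The `failed` label is outside the hunk, so please confirm it does not also free id, which would turn this leak fix into a double free.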