[PATCH] OCSP stapling: missing free calls.

Maxim Dounin mdounin at mdounin.ru
Thu Apr 2 19:11:01 UTC 2015


Hello!

On Wed, Apr 01, 2015 at 02:02:37PM +0000, Filipe DA SILVA wrote:

> Hello,
> 
> As I was working on this code, I see these missing calls.

Committed with minor changes (see below), thanks.

[...]

> # HG changeset patch
> # User filipe da Silva <fdasilva at ingima.com>

Nitpicking: I've capitalized the first letter of the name.

> # Date 1427893508 -7200
> #      Wed Apr 01 15:05:08 2015 +0200
> # Node ID aef78b6a0e789521c029694bf3f5f4fccfd43c69
> # Parent  173561dfd5675903996975d57deb7a6f912048dc
> OCSP stapling: missing free calls.
> 
> Missing call to X509_STORE_CTX_free when X509_STORE_CTX_init call fails.
> Missing call to OCSP_CERTID_free when OCSP_request_add0_id call fails.
> Possible leak in very particular scenarios of memory shortage.
> 
> diff -r 173561dfd567 -r aef78b6a0e78 src/event/ngx_event_openssl_stapling.c
> --- a/src/event/ngx_event_openssl_stapling.c	Tue Mar 31 17:45:50 2015 +0300
> +++ b/src/event/ngx_event_openssl_stapling.c	Wed Apr 01 15:05:08 2015 +0200
> @@ -310,6 +310,7 @@ ngx_ssl_stapling_issuer(ngx_conf_t *cf, 
>      if (X509_STORE_CTX_init(store_ctx, store, NULL, NULL) == 0) {
>          ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
>                        "X509_STORE_CTX_init() failed");
> +        X509_STORE_CTX_free(store_ctx);
>          return NGX_ERROR;
>      }
>  
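
Review bot: In the `X509_STORE_CTX_init()` failure branch the release is written inline ahead of `return NGX_ERROR`, so any other early return taken while `store_ctx` is still allocated has to repeat `X509_STORE_CTX_free(store_ctx)` by hand. Those returns are outside the visible lines and are worth checking in the same pass. Consider routing them through a single cleanup label, as the second hunk's `goto failed` does, so a later error path cannot reintroduce the leak.
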
> @@ -1118,6 +1119,7 @@ ngx_ssl_ocsp_create_request(ngx_ssl_ocsp
>      if (OCSP_request_add0_id(ocsp, id) == NULL) {
>          ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
>                        "OCSP_request_add0_id() failed");
> +		OCSP_CERTID_free(id);

Nitpicking: nginx code uses 4 spaces for indentation, not tabs.  
Fixed.

>          goto failed;
>      }
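
Review bot: The added `OCSP_CERTID_free(id)` line is indented with tabs while the lines around it use spaces; it should use four spaces. On ownership, `OCSP_request_add0_id()` takes over `id` only when it succeeds, so freeing it in this branch is correct. The `failed` label is outside the visible lines, though, so confirm it does not release `id` a second time. A short comment saying that ownership passes to `ocsp` on success would explain why only this branch frees it.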

-- 
Maxim Dounin
http://nginx.org/


