Prevent derefencing NULL pointer when OCSP body contains no nextUpdate element
Baldwin, Matthew
baldwinm at amazon.com
Thu Jul 9 18:53:12 UTC 2015
Hi!
If nextUpdate is NULL when processing an OCSP response, nginx will core with SIGSEGV in ngx_ssl_stapling_time when calling ASN1_GENERALIZEDTIME_print
The following patch against nginx-1.9.2 prevents this:
diff -rupN a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
--- a/src/event/ngx_event_openssl_stapling.c 2015-06-16 14:49:43.000000000 +0000
+++ b/src/event/ngx_event_openssl_stapling.c 2015-07-09 17:16:24.337289920 +0000
@@ -636,6 +636,12 @@ ngx_ssl_stapling_ocsp_handler(ngx_ssl_oc
goto error;
}
+ if (nextupdate == NULL) {
+ ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
+ "NULL nextUpdate time in certificate status");
+ goto error;
+ }
+
valid = ngx_ssl_stapling_time(nextupdate);
if (valid == (time_t) NGX_ERROR) {
ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
More information about the nginx-devel
mailing list