[PATCH] SSL: fix call to BIO_get_mem_data()

Maxim Dounin mdounin at mdounin.ru
Thu Dec 15 17:07:48 UTC 2016


Hello!

On Thu, Dec 15, 2016 at 06:31:31PM +0300, Maxim Dounin wrote:

> Hello!
> 
> On Wed, Dec 14, 2016 at 11:43:08AM -0800, Piotr Sikora via nginx-devel wrote:
> 
> > # HG changeset patch
> > # User Piotr Sikora <piotrsikora at google.com>
> > # Date 1481667570 28800
> > #      Tue Dec 13 14:19:30 2016 -0800
> > # Node ID 4848b2eea6ba373d29c036b3b5acbeaf0f038587
> > # Parent  25a64c864f4d31761eb42d39cda8b0e80277816d
> > SSL: fix call to BIO_get_mem_data().
> > 
> > Fixes build with BoringSSL.
> > 
> > Signed-off-by: Piotr Sikora <piotrsikora at google.com>
> > 
> > diff -r 25a64c864f4d -r 4848b2eea6ba src/event/ngx_event_openssl.c
> > --- a/src/event/ngx_event_openssl.c
> > +++ b/src/event/ngx_event_openssl.c
> > @@ -4069,7 +4069,7 @@ ngx_ssl_parse_time(
> >  
> >      BIO_write(bio, "Tue ", sizeof("Tue ") - 1);
> >      ASN1_TIME_print(bio, asn1time);
> > -    len = BIO_get_mem_data(bio, &value);
> > +    len = BIO_get_mem_data(bio, (char **) &value);
> >  
> >      time = ngx_parse_http_time(value, len);
> >  
> > diff -r 25a64c864f4d -r 4848b2eea6ba src/event/ngx_event_openssl_stapling.c
> > --- a/src/event/ngx_event_openssl_stapling.c
> > +++ b/src/event/ngx_event_openssl_stapling.c
> > @@ -793,7 +793,7 @@ ngx_ssl_stapling_time(ASN1_GENERALIZEDTI
> >  
> >      BIO_write(bio, "Tue ", sizeof("Tue ") - 1);
> >      ASN1_GENERALIZEDTIME_print(bio, asn1time);
> > -    len = BIO_get_mem_data(bio, &value);
> > +    len = BIO_get_mem_data(bio, (char **) &value);
> >  
> >      time = ngx_parse_http_time(value, len);
> >  
> 
> Committed, thanks.

Uhm, this change breaks build on CentOS 5:

src/event/ngx_event_openssl.c: In function ‘ngx_ssl_parse_time’:
src/event/ngx_event_openssl.c:4072: warning: dereferencing type-punned pointer will break strict-aliasing rules

Backed out, replaced with an alternative solution which seems to 
fix BoringSSL as well, see http://hg.nginx.org/nginx/rev/25d0d6dabe00.

-- 
Maxim Dounin
http://nginx.org/


More information about the nginx-devel mailing list