[nginx] Stream: fixed handling of non-ssl sessions.
Vladimir Homutov
vl at nginx.com
Thu Jan 19 13:32:15 UTC 2017
details: http://hg.nginx.org/nginx/rev/0a08a8babf53
branches:
changeset: 6870:0a08a8babf53
user: Vladimir Homutov <vl at nginx.com>
date: Thu Jan 19 16:17:05 2017 +0300
description:
Stream: fixed handling of non-ssl sessions.
A missing check could cause ngx_stream_ssl_handler() to be applied
to a non-ssl session, which resulted in a null pointer dereference
if ssl_verify_client is enabled.
The bug had appeared in 1.11.8 (41cb1b64561d).
diffstat:
src/stream/ngx_stream_ssl_module.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diffs (20 lines):
diff -r b2915d99ee8d -r 0a08a8babf53 src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.c Thu Jan 12 19:22:03 2017 +0300
+++ b/src/stream/ngx_stream_ssl_module.c Thu Jan 19 16:17:05 2017 +0300
@@ -287,11 +287,15 @@ ngx_stream_ssl_handler(ngx_stream_sessio
ngx_connection_t *c;
ngx_stream_ssl_conf_t *sslcf;
+ if (!s->ssl) {
+ return NGX_OK;
+ }
+
c = s->connection;
sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);
- if (s->ssl && c->ssl == NULL) {
+ if (c->ssl == NULL) {
c->log->action = "SSL handshaking";
if (sslcf->ssl.ctx == NULL) {
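Review bot: the new `if (!s->ssl)` early return at the top of ngx_stream_ssl_handler() carries no comment saying why a non-ssl session can reach this handler at all, and without one the guard looks redundant and could be folded back into a later condition, as the removed `if (s->ssl && c->ssl == NULL)` shows. A one-line comment above the check would help, for example that the handler is invoked for every session and must do nothing for non-ssl ones. Since the description says the dereference only occurred with ssl_verify_client enabled, and that code path lies outside this hunk, a regression test that passes a non-ssl session through a server with ssl_verify_client enabled would confirm that returning at entry covers the rest of the function and not only the handshake branch.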