[PATCH] Avoid using the result of i2d_SSL_SESSION when the session is invalid

Maxim Dounin mdounin at mdounin.ru
Mon Jun 19 14:59:39 UTC 2017


On Mon, Jun 19, 2017 at 04:09:43PM +0200, Bart Warmerdam wrote:

> According to the man-page of i2d_SSL_SESSION the result can be NULL or 
> 0, but the actual result can also be -1 in case of a failed 
> CRYPTO_malloc. The call trace for this function is:
> Call chain:
>      i2d_SSL_SESSION
>      i2d_SSL_SESSION_ASN1
>      ASN1_item_i2d
>      asn1_item_flags_i2d
> The preprocessor output generates the following code:
> static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
>                                 const ASN1_ITEM *it, int flags)
> {
>      if (out && !*out) {

This condition cannot be true, as nginx uses a preallocated buffer 
for i2d_SSL_SESSION().

(Moreover, using a preallocated buffer is the only 
approach documented in the i2d_SSL_SESSION() manual page, and the 
only one actually available before OpenSSL 1.1.0.)


Maxim Dounin
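
A self-contained model of the calling convention discussed in this thread, added here as an illustration; it is not code from nginx, OpenSSL, or either poster. `model_i2d`, `encode_prealloc`, `simulate_alloc_failure` and the sample bytes are hypothetical names and constructed data, chosen to show that the -1 allocation-failure return is only reachable when the caller passes a pointer to a NULL buffer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an encoded session; not real i2d_SSL_SESSION output. */
static const unsigned char SAMPLE_DER[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
static int simulate_alloc_failure = 0;   /* hypothetical switch for the demo */

/* Hypothetical model of the i2d calling convention, not OpenSSL code:
 *   out == NULL  -> return the encoded length only
 *   *out != NULL -> write into the caller's buffer and advance *out
 *   *out == NULL -> allocate a buffer; return -1 if allocation fails */
static int model_i2d(unsigned char **out)
{
    int len = (int) sizeof(SAMPLE_DER);
    if (out == NULL)
        return len;
    if (*out == NULL) {
        unsigned char *buf = simulate_alloc_failure ? NULL : malloc(len);
        if (buf == NULL)
            return -1;
        memcpy(buf, SAMPLE_DER, len);
        *out = buf;
        return len;
    }
    memcpy(*out, SAMPLE_DER, len);
    *out += len;
    return len;
}

/* Preallocated-buffer caller: query the size, bounds-check, then encode.
 * Returns the encoded length, or 0 if the buffer is too small. */
static int encode_prealloc(unsigned char *buf, size_t cap)
{
    unsigned char *p = buf;
    int len = model_i2d(NULL);
    if (len <= 0 || (size_t) len > cap)
        return 0;
    return (model_i2d(&p) == len && p == buf + len) ? len : 0;
}

int main(void)
{
    unsigned char buf[16], *heap = NULL;
    simulate_alloc_failure = 1;          /* every allocation now fails */
    printf("prealloc: %d\n", encode_prealloc(buf, sizeof(buf)));
    printf("allocate: %d\n", model_i2d(&heap));
    return 0;
}
```
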
