[nginx] SSL: fixed unlocked access to sess_id->len.
Ruslan Ermilov
ru at nginx.com
Thu Sep 27 10:43:20 UTC 2018
details: http://hg.nginx.org/nginx/rev/cd4fa2fab8d8
branches:
changeset: 7365:cd4fa2fab8d8
user: Ruslan Ermilov <ru at nginx.com>
date: Tue Sep 25 14:07:59 2018 +0300
description:
SSL: fixed unlocked access to sess_id->len.
diffstat:
src/event/ngx_event_openssl.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diffs (28 lines):
diff -r 5fa22beeaf11 -r cd4fa2fab8d8 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Thu Sep 27 13:05:39 2018 +0300
+++ b/src/event/ngx_event_openssl.c Tue Sep 25 14:07:59 2018 +0300
@@ -3146,6 +3146,7 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_
const
#endif
u_char *p;
+ size_t slen;
uint32_t hash;
ngx_int_t rc;
ngx_shm_zone_t *shm_zone;
@@ -3201,12 +3202,14 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_
if (rc == 0) {
if (sess_id->expire > ngx_time()) {
- ngx_memcpy(buf, sess_id->session, sess_id->len);
+ slen = sess_id->len;
+
+ ngx_memcpy(buf, sess_id->session, slen);
ngx_shmtx_unlock(&shpool->mutex);
p = buf;
- sess = d2i_SSL_SESSION(NULL, &p, sess_id->len);
+ sess = d2i_SSL_SESSION(NULL, &p, slen);
return sess;
}
More information about the nginx-devel
mailing list