[nginx] SSL: separate checks for errors in ngx_ssl_read_password_file().
Maxim Dounin
mdounin at mdounin.ru
Thu Jan 31 18:26:40 UTC 2019
details: https://hg.nginx.org/nginx/rev/e72c8a8a8b10
branches:
changeset: 7454:e72c8a8a8b10
user: Maxim Dounin <mdounin at mdounin.ru>
date: Thu Jan 31 19:36:51 2019 +0300
description:
SSL: separate checks for errors in ngx_ssl_read_password_file().
Checking multiple errors at once is a bad practice, as in general
it is not guaranteed that an object can be used after the error.
In this particular case, checking errors after multiple allocations
can result in excessive errors being logged when there is no memory
available.
diffstat:
src/event/ngx_event_openssl.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diffs (20 lines):
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -947,10 +947,13 @@ ngx_ssl_read_password_file(ngx_conf_t *c
return NULL;
}
+ passwords = ngx_array_create(cf->temp_pool, 4, sizeof(ngx_str_t));
+ if (passwords == NULL) {
+ return NULL;
+ }
+
cln = ngx_pool_cleanup_add(cf->temp_pool, 0);
- passwords = ngx_array_create(cf->temp_pool, 4, sizeof(ngx_str_t));
-
- if (cln == NULL || passwords == NULL) {
+ if (cln == NULL) {
return NULL;
}
More information about the nginx-devel
mailing list