[PATCH] Remove memory leak in ngx_event_openssl.c

Sergey Kandaurov pluknet at nginx.com
Tue Mar 26 13:50:23 UTC 2019


> On 26 Mar 2019, at 10:02, Nikolay Morozov <n.morozov at securitycode.ru> wrote:
> 
> # HG changeset patch
> # User Nikolay Morozov <n.morozov at securitycode.ru>
> # Date 1553582037 -10800
> #      Tue Mar 26 09:33:57 2019 +0300
> # Node ID e3d5aaa0f3df9e0d60e384e78e40f6fb7bd4524f
> # Parent  d9c3917c7f901ac2a0f4a483f3229a63b51840c5
> Remove memory leak in ngx_event_openssl.c
> 
> If X509_get_issuer_name() or X509_get_subject_name()
> return an error, certificate leaks.
> 
> diff -r d9c3917c7f90 -r e3d5aaa0f3df src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c     Wed Mar 06 20:46:09 2019 +0300
> +++ b/src/event/ngx_event_openssl.c     Tue Mar 26 09:33:57 2019 +0300
> @@ -4622,6 +4622,7 @@
> 
>     name = X509_get_subject_name(cert);
>     if (name == NULL) {
> +        X509_free(cert);
>         return NGX_ERROR;
>     }
> 
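Review bot: in the `name == NULL` branch after `X509_get_subject_name(cert)`, the added `X509_free(cert);` covers only this one exit, and the hunk does not show where `cert` is obtained or the function's other returns. Please confirm that every return between acquiring `cert` and the normal release frees it, or route the error exits through a single cleanup label so the free is written once.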
> @@ -4673,6 +4674,7 @@
> 
>     name = X509_get_issuer_name(cert);
>     if (name == NULL) {
> +        X509_free(cert);
>         return NGX_ERROR;
>     }
> 
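Review bot: the `name == NULL` branch after `X509_get_issuer_name(cert)` repeats the same free-then-return pair as the subject-name path, so the two handlers can drift apart in later edits. Since the reply below says this branch cannot be reached in practice, a one-line comment marking it as defensive would tell the reader why `X509_free(cert);` sits on a path that never runs.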

Hello.

During an internal conversation in Nginx we came to the conclusion
that such leaks are not possible in practice.
Here is the commit log message I intend to proceed with.

SSL: missing free calls in $ssl_client_s_dn and $ssl_client_i_dn.

If X509_get_issuer_name() or X509_get_subject_name() returned NULL,
this could lead to a certificate reference leak.  It cannot happen
in practice though, since each function returns an internal pointer
to a mandatory subfield of the certificate successfully decoded by
d2i_X509() during certificate message processing (closes #1751).

> Confidentiality notice
> 
> This e-mail and any attachments to it are confidential and intended solely for the addressee. If you are not the addressee of this e-mail, please notify the sender immediately, do not disclose the contents to other persons, do not use it for any purpose, and do not store or copy the information in any way.

Please note that nginx-devel@ is the English speaking mailing list.

Note that posting patches to a public mailing list with such a 
disclaimer might not be a good idea.  If you cannot remove it, 
please make sure to add an explicit comment that you understand 
that you are posting to a public mailing list, and you've read the 
http://nginx.org/en/docs/contributing_changes.html article.  In 
particular, that you agree with the "License" part.

Thank you.

-- 
Sergey Kandaurov
