Logging $ssl_session_id can crash Nginx 1.5.9 worker

Maxim Dounin mdounin at mdounin.ru
Wed Jan 22 21:48:58 UTC 2014


Hello!

On Thu, Jan 23, 2014 at 12:06:55AM +0400, Ruslan Ermilov wrote:

> On Wed, Jan 22, 2014 at 02:02:51PM -0500, mnordhoff wrote:
> > I run the nginx.org mainline packages on Ubuntu 12.04, 32- and 64-bit. I use
> > a wacky custom log format, and after 1.5.9 was released today, I enabled
> > logging the $ssl_session_id variable. I later ran an SSL Labs SSL Server
> > Test, [0] which makes numerous HTTPS requests of various sorts, and lo and
> > behold, one of my worker processes core dumped. I fooled around with my
> > configuration and determined that the problem was logging $ssl_session_id.
> > If I don't log it, it's fine. If I enable a log that contains
> > $ssl_session_id -- even only $ssl_session_id -- it crashes.
> 
> The following patch fixes this:
> 
> diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c
> +++ b/src/event/ngx_event_openssl.c
> @@ -2509,6 +2509,10 @@ ngx_ssl_get_session_id(ngx_connection_t 
>  
>      sess = SSL_get0_session(c->ssl->connection);
>  
> +    if (sess == NULL) {
> +        return NGX_ERROR;
> +    }
> +
>      buf = sess->session_id;
>      len = sess->session_id_length;

You were faster. :)
I think that len = 0 + NGX_OK is better than NGX_ERROR here 
though, and also in line with other similar functions like 
ngx_ssl_get_[raw_]certificate().

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx mailing list