Fijxu
/
nginx-quic
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SSL: missing free calls in $ssl_client_s_dn and $ssl_client_i_dn. 

If X509_get_issuer_name() or X509_get_subject_name() returned NULL,
this could lead to a certificate reference leak.  It cannot happen
in practice though, since each function returns an internal pointer
to a mandatory subfield of the certificate successfully decoded by
d2i_X509() during certificate message processing (closes #1751).
This commit is contained in:
Nikolay Morozov 2019-03-26 09:33:57 +03:00
parent 5d6e6b3e70
commit f9af4d7567
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/event/ngx_event_openssl.c
View File

@ -4622,6 +4622,7 @@ ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
name = X509_get_subject_name(cert);
if (name == NULL) {
X509_free(cert);
return NGX_ERROR;
}
@ -4673,6 +4674,7 @@ ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
name = X509_get_issuer_name(cert);
if (name == NULL) {
X509_free(cert);
return NGX_ERROR;
}