IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-01-21 05:43:10 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix memory leak when ssl_verify_client is on

Browse Source
This commit is contained in:
Igor Sysoev 2008-04-23 18:57:25 +00:00
parent 6a2ea3f544
commit 439e288a1b
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/event/ngx_event_openssl.c
View File

@ -1778,6 +1778,7 @@ ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
name = X509_get_subject_name(cert); name = X509_get_subject_name(cert);
if (name == NULL) { if (name == NULL) {
X509_free(cert);
return NGX_ERROR; return NGX_ERROR;
} }
@ -1789,12 +1790,14 @@ ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
s->data = ngx_palloc(pool, len); s->data = ngx_palloc(pool, len);
if (s->data == NULL) { if (s->data == NULL) {
OPENSSL_free(p); OPENSSL_free(p);
X509_free(cert);
return NGX_ERROR; return NGX_ERROR;
} }
ngx_memcpy(s->data, p, len); ngx_memcpy(s->data, p, len);
OPENSSL_free(p); OPENSSL_free(p);
X509_free(cert);
return NGX_OK; return NGX_OK;
} }
@ -1817,6 +1820,7 @@ ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
name = X509_get_issuer_name(cert); name = X509_get_issuer_name(cert);
if (name == NULL) { if (name == NULL) {
X509_free(cert);
return NGX_ERROR; return NGX_ERROR;
} }
@ -1828,12 +1832,14 @@ ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
s->data = ngx_palloc(pool, len); s->data = ngx_palloc(pool, len);
if (s->data == NULL) { if (s->data == NULL) {
OPENSSL_free(p); OPENSSL_free(p);
X509_free(cert);
return NGX_ERROR; return NGX_ERROR;
} }
ngx_memcpy(s->data, p, len); ngx_memcpy(s->data, p, len);
OPENSSL_free(p); OPENSSL_free(p);
X509_free(cert);
return NGX_OK; return NGX_OK;
} }
@ -1855,6 +1861,7 @@ ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
bio = BIO_new(BIO_s_mem()); bio = BIO_new(BIO_s_mem());
if (bio == NULL) { if (bio == NULL) {
X509_free(cert);
return NGX_ERROR; return NGX_ERROR;
} }
@ -1865,11 +1872,13 @@ ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
s->data = ngx_palloc(pool, len); s->data = ngx_palloc(pool, len);
if (s->data == NULL) { if (s->data == NULL) {
BIO_free(bio); BIO_free(bio);
X509_free(cert);
return NGX_ERROR; return NGX_ERROR;
} }
BIO_read(bio, s->data, len); BIO_read(bio, s->data, len);
BIO_free(bio); BIO_free(bio);
X509_free(cert);
return NGX_OK; return NGX_OK;
} }

9
src/http/ngx_http_request.c
View File

@ -1419,6 +1419,7 @@ ngx_http_process_request(ngx_http_request_t *r)
if (c->ssl) { if (c->ssl) {
long rc; long rc;
X509 *cert;
ngx_http_ssl_srv_conf_t *sscf; ngx_http_ssl_srv_conf_t *sscf;
sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
@ -1438,9 +1439,9 @@ ngx_http_process_request(ngx_http_request_t *r)
return; return;
} }
if (SSL_get_peer_certificate(c->ssl->connection) cert = SSL_get_peer_certificate(c->ssl->connection);
== NULL)
{ if (cert == NULL) {
ngx_log_error(NGX_LOG_INFO, c->log, 0, ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent no required SSL certificate"); "client sent no required SSL certificate");
@ -1450,6 +1451,8 @@ ngx_http_process_request(ngx_http_request_t *r)
ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
return; return;
} }
X509_free(cert);
} }
} }