diff options
| author | Vladimir Homutov <vl@nginx.com> | 2017-01-19 16:17:05 +0300 |
|---|---|---|
| committer | Vladimir Homutov <vl@nginx.com> | 2017-01-19 16:17:05 +0300 |
| commit | 0ccbe0abe4fc1313689576b21b8649e4ebe524ee (patch) | |
| tree | d1fe1395d2ee0798d7eaa3e0e4ba317b3a44e427 /src | |
| parent | b5a3cc3781e95068cd8d0d8c84a7d8296b6682e6 (diff) | |
| download | nginx-0ccbe0abe4fc1313689576b21b8649e4ebe524ee.tar.gz nginx-0ccbe0abe4fc1313689576b21b8649e4ebe524ee.zip | |
Stream: fixed handling of non-ssl sessions.
A missing check could cause ngx_stream_ssl_handler() to be applied
to a non-ssl session, which resulted in a null pointer dereference
if ssl_verify_client is enabled.
The bug had appeared in 1.11.8 (41cb1b64561d).
Diffstat (limited to 'src')
| -rw-r--r-- | src/stream/ngx_stream_ssl_module.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c index fb653c57c..414d32824 100644 --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -287,11 +287,15 @@ ngx_stream_ssl_handler(ngx_stream_session_t *s) ngx_connection_t *c; ngx_stream_ssl_conf_t *sslcf; + if (!s->ssl) { + return NGX_OK; + } + c = s->connection; sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module); - if (s->ssl && c->ssl == NULL) { + if (c->ssl == NULL) { c->log->action = "SSL handshaking"; if (sslcf->ssl.ctx == NULL) { |