From: Nikolay Morozov <n.morozov@securitycode.ru>
Date: Tue, 26 Mar 2019 06:33:57 +0000 (+0300)
Subject: SSL: missing free calls in $ssl_client_s_dn and $ssl_client_i_dn.
X-Git-Tag: release-1.15.11~6
X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=52d9da8790a272a43ac1907c8ba55063bd9a38fe;p=nginx.git

SSL: missing free calls in $ssl_client_s_dn and $ssl_client_i_dn.

If X509_get_issuer_name() or X509_get_subject_name() returned NULL,
this could lead to a certificate reference leak.  It cannot happen
in practice though, since each function returns an internal pointer
to a mandatory subfield of the certificate successfully decoded by
d2i_X509() during certificate message processing (closes #1751).
---

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index bee264c9f..7be4fb4cd 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -4622,6 +4622,7 @@ ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 
     name = X509_get_subject_name(cert);
     if (name == NULL) {
+        X509_free(cert);
         return NGX_ERROR;
     }
 
@@ -4673,6 +4674,7 @@ ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 
     name = X509_get_issuer_name(cert);
     if (name == NULL) {
+        X509_free(cert);
         return NGX_ERROR;
     }