]> git.kaiwu.me - nginx.git/commitdiff
projects / nginx.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6a2ea3f)
fix memory leak when ssl_verify_client is on
authorIgor Sysoev <igor@sysoev.ru>
Wed, 23 Apr 2008 18:57:25 +0000 (18:57 +0000)
committerIgor Sysoev <igor@sysoev.ru>
Wed, 23 Apr 2008 18:57:25 +0000 (18:57 +0000)
src/event/ngx_event_openssl.c patch | blob | history
src/http/ngx_http_request.c patch | blob | history

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 4362378577cdff8572f8e5c1b3b1af304eaab44f..2ce06ca0d9a5e6c2a12ea08e2b2e6a496bb280be 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1778,6 +1778,7 @@ ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 
     name = X509_get_subject_name(cert);
     if (name == NULL) {
+        X509_free(cert);
         return NGX_ERROR;
     }
 
@@ -1789,12 +1790,14 @@ ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
     s->data = ngx_palloc(pool, len);
     if (s->data == NULL) {
         OPENSSL_free(p);
+        X509_free(cert);
         return NGX_ERROR;
     }
 
     ngx_memcpy(s->data, p, len);
 
     OPENSSL_free(p);
+    X509_free(cert);
 
     return NGX_OK;
 }
@@ -1817,6 +1820,7 @@ ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 
     name = X509_get_issuer_name(cert);
     if (name == NULL) {
+        X509_free(cert);
         return NGX_ERROR;
     }
 
@@ -1828,12 +1832,14 @@ ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
     s->data = ngx_palloc(pool, len);
     if (s->data == NULL) {
         OPENSSL_free(p);
+        X509_free(cert);
         return NGX_ERROR;
     }
 
     ngx_memcpy(s->data, p, len);
 
     OPENSSL_free(p);
+    X509_free(cert);
 
     return NGX_OK;
 }
@@ -1855,6 +1861,7 @@ ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 
     bio = BIO_new(BIO_s_mem());
     if (bio == NULL) {
+        X509_free(cert);
         return NGX_ERROR;
     }
 
@@ -1865,11 +1872,13 @@ ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
     s->data = ngx_palloc(pool, len);
     if (s->data == NULL) {
         BIO_free(bio);
+        X509_free(cert);
         return NGX_ERROR;
     }
 
     BIO_read(bio, s->data, len);
     BIO_free(bio);
+    X509_free(cert);
 
     return NGX_OK;
 }
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index d87f77d5429401404e8bd41190c1f267ff945ecf..b248321e2d8c0dd2af084d0208a8d4f2678dee4b 100644 (file)
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1419,6 +1419,7 @@ ngx_http_process_request(ngx_http_request_t *r)
 
     if (c->ssl) {
         long                      rc;
+        X509                     *cert;
         ngx_http_ssl_srv_conf_t  *sscf;
 
         sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
@@ -1438,9 +1439,9 @@ ngx_http_process_request(ngx_http_request_t *r)
                 return;
             }
 
-            if (SSL_get_peer_certificate(c->ssl->connection)
-                == NULL)
-            {
+            cert = SSL_get_peer_certificate(c->ssl->connection);
+
+            if (cert == NULL) {
                 ngx_log_error(NGX_LOG_INFO, c->log, 0,
                               "client sent no required SSL certificate");
 
@@ -1450,6 +1451,8 @@ ngx_http_process_request(ngx_http_request_t *r)
                 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
                 return;
             }
+
+            X509_free(cert);
         }
     }
 
nginx upstream