SSL: fixed potential leak on memory allocation errors.

author Maxim Dounin <mdounin@mdounin.ru>

Sun, 3 Mar 2019 13:48:39 +0000 (16:48 +0300)

committer Maxim Dounin <mdounin@mdounin.ru>

Sun, 3 Mar 2019 13:48:39 +0000 (16:48 +0300)
author Maxim Dounin <mdounin@mdounin.ru>
Sun, 3 Mar 2019 13:48:39 +0000 (16:48 +0300)
committer Maxim Dounin <mdounin@mdounin.ru>
Sun, 3 Mar 2019 13:48:39 +0000 (16:48 +0300)
diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c

index 18478b978775e7ffd2d51cba909e33d336772921..f59ecbda7d69817fb8a638930be695b930e2d2c0 100644 (file)
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -4650,6 +4650,7 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
  
      cln = ngx_pool_cleanup_add(cf->pool, 0);
      if (cln == NULL) {
+        ngx_ssl_cleanup_ctx(glcf->upstream.ssl);
          return NGX_ERROR;
      }
  
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c

index d6a892217cfc1701f3eed3ce96c1ff50a8c8d450..3aafb9996131eaf2f4e45434e94f6e268436ccc9 100644 (file)
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -4270,6 +4270,7 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
  
      cln = ngx_pool_cleanup_add(cf->pool, 0);
      if (cln == NULL) {
+        ngx_ssl_cleanup_ctx(plcf->upstream.ssl);
          return NGX_ERROR;
      }
  
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c

index 1b2830d210881b234b997a60343c424481025629..b3f8f4795cb7d9c2d26d5ab4f5c6aa363e6dfb50 100644 (file)
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -700,6 +700,15 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
          return NGX_CONF_ERROR;
      }
  
+    cln = ngx_pool_cleanup_add(cf->pool, 0);
+    if (cln == NULL) {
+        ngx_ssl_cleanup_ctx(&conf->ssl);
+        return NGX_CONF_ERROR;
+    }
+
+    cln->handler = ngx_ssl_cleanup_ctx;
+    cln->data = &conf->ssl;
+
  #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
  
      if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
@@ -723,14 +732,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
                                            ngx_http_ssl_npn_advertised, NULL);
  #endif
  
-    cln = ngx_pool_cleanup_add(cf->pool, 0);
-    if (cln == NULL) {
-        return NGX_CONF_ERROR;
-    }
-
-    cln->handler = ngx_ssl_cleanup_ctx;
-    cln->data = &conf->ssl;
-
      if (ngx_http_ssl_compile_certificates(cf, conf) != NGX_OK) {
          return NGX_CONF_ERROR;
      }
diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c

index 8b091101f42bf010f19d4f96817d1d36e4b81712..56dc236ef181ba7b95275ba4a9c345736679fbe4 100644 (file)
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -2359,6 +2359,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
  
      cln = ngx_pool_cleanup_add(cf->pool, 0);
      if (cln == NULL) {
+        ngx_ssl_cleanup_ctx(uwcf->upstream.ssl);
          return NGX_ERROR;
      }
  
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c

index 10e982ee8f9a2ceda4e6c0dd0dfb091babf9fa62..5544f75224d894744d2a586d37ab5ee8559b107a 100644 (file)
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -370,6 +370,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
  
      cln = ngx_pool_cleanup_add(cf->pool, 0);
      if (cln == NULL) {
+        ngx_ssl_cleanup_ctx(&conf->ssl);
          return NGX_CONF_ERROR;
      }
  
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c

index d7bdec270e23ec81ffc333112d00c775c00dab30..127c8a4a43befc6ac20830b5df98b5ef9f98d580 100644 (file)
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -2096,6 +2096,7 @@ ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf)
  
      cln = ngx_pool_cleanup_add(cf->pool, 0);
      if (cln == NULL) {
+        ngx_ssl_cleanup_ctx(pscf->ssl);
          return NGX_ERROR;
      }
  
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c

index b099a805a5d5ba6e37706753be689b1aa0d0710e..ec9524e0710645097b972c75d0bd283640868dde 100644 (file)
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -690,6 +690,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
  
      cln = ngx_pool_cleanup_add(cf->pool, 0);
      if (cln == NULL) {
+        ngx_ssl_cleanup_ctx(&conf->ssl);
          return NGX_CONF_ERROR;
      }
author	Maxim Dounin <mdounin@mdounin.ru>
	Sun, 3 Mar 2019 13:48:39 +0000 (16:48 +0300)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Sun, 3 Mar 2019 13:48:39 +0000 (16:48 +0300)
src/http/modules/ngx_http_grpc_module.c		patch \| blob \| history
src/http/modules/ngx_http_proxy_module.c		patch \| blob \| history
src/http/modules/ngx_http_ssl_module.c		patch \| blob \| history
src/http/modules/ngx_http_uwsgi_module.c		patch \| blob \| history
src/mail/ngx_mail_ssl_module.c		patch \| blob \| history
src/stream/ngx_stream_proxy_module.c		patch \| blob \| history
src/stream/ngx_stream_ssl_module.c		patch \| blob \| history