Klaus Demo nginx / fe43346
SSL: fixed potential leak on memory allocation errors. If ngx_pool_cleanup_add() fails, we have to clean just created SSL context manually, thus appropriate call added. Additionally, ngx_pool_cleanup_add() moved closer to ngx_ssl_create() in the ngx_http_ssl_module, to make sure there are no leaks due to intermediate code. Maxim Dounin 1 year, 8 months ago
7 changed file(s) with 15 addition(s) and 8 deletion(s). Raw diff Collapse all Expand all
46494649
46504650 cln = ngx_pool_cleanup_add(cf->pool, 0);
46514651 if (cln == NULL) {
4652 ngx_ssl_cleanup_ctx(glcf->upstream.ssl);
46524653 return NGX_ERROR;
46534654 }
46544655
42694269
42704270 cln = ngx_pool_cleanup_add(cf->pool, 0);
42714271 if (cln == NULL) {
4272 ngx_ssl_cleanup_ctx(plcf->upstream.ssl);
42724273 return NGX_ERROR;
42734274 }
42744275
699699 return NGX_CONF_ERROR;
700700 }
701701
702 cln = ngx_pool_cleanup_add(cf->pool, 0);
703 if (cln == NULL) {
704 ngx_ssl_cleanup_ctx(&conf->ssl);
705 return NGX_CONF_ERROR;
706 }
707
708 cln->handler = ngx_ssl_cleanup_ctx;
709 cln->data = &conf->ssl;
710
702711 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
703712
704713 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
721730 SSL_CTX_set_next_protos_advertised_cb(conf->ssl.ctx,
722731 ngx_http_ssl_npn_advertised, NULL);
723732 #endif
724
725 cln = ngx_pool_cleanup_add(cf->pool, 0);
726 if (cln == NULL) {
727 return NGX_CONF_ERROR;
728 }
729
730 cln->handler = ngx_ssl_cleanup_ctx;
731 cln->data = &conf->ssl;
732733
733734 if (ngx_http_ssl_compile_certificates(cf, conf) != NGX_OK) {
734735 return NGX_CONF_ERROR;
23582358
23592359 cln = ngx_pool_cleanup_add(cf->pool, 0);
23602360 if (cln == NULL) {
2361 ngx_ssl_cleanup_ctx(uwcf->upstream.ssl);
23612362 return NGX_ERROR;
23622363 }
23632364
369369
370370 cln = ngx_pool_cleanup_add(cf->pool, 0);
371371 if (cln == NULL) {
372 ngx_ssl_cleanup_ctx(&conf->ssl);
372373 return NGX_CONF_ERROR;
373374 }
374375
20952095
20962096 cln = ngx_pool_cleanup_add(cf->pool, 0);
20972097 if (cln == NULL) {
2098 ngx_ssl_cleanup_ctx(pscf->ssl);
20982099 return NGX_ERROR;
20992100 }
21002101
689689
690690 cln = ngx_pool_cleanup_add(cf->pool, 0);
691691 if (cln == NULL) {
692 ngx_ssl_cleanup_ctx(&conf->ssl);
692693 return NGX_CONF_ERROR;
693694 }
694695