diff options
| author | Filipe da Silva <fdasilva@ingima.com> | 2015-04-01 15:05:08 +0200 |
|---|---|---|
| committer | Filipe da Silva <fdasilva@ingima.com> | 2015-04-01 15:05:08 +0200 |
| commit | 95aad2235d3c3583588fb32d8d7c57a763a4e1b6 (patch) | |
| tree | bef8f78014323e8623066fbe6a235719e2658b48 | |
| parent | 355a793b895f3695df4e69f0637328db43f704a5 (diff) | |
| download | nginx-95aad2235d3c3583588fb32d8d7c57a763a4e1b6.tar.gz | |
OCSP stapling: missing free calls.
Missing call to X509_STORE_CTX_free when X509_STORE_CTX_init fails.
Missing call to OCSP_CERTID_free when OCSP_request_add0_id fails.
Possible leaks in vary particular scenariis of memory shortage.
| -rw-r--r-- | src/event/ngx_event_openssl_stapling.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c index 2fa067309..c39598ff5 100644 --- a/src/event/ngx_event_openssl_stapling.c +++ b/src/event/ngx_event_openssl_stapling.c @@ -310,6 +310,7 @@ ngx_ssl_stapling_issuer(ngx_conf_t *cf, ngx_ssl_t *ssl) if (X509_STORE_CTX_init(store_ctx, store, NULL, NULL) == 0) { ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "X509_STORE_CTX_init() failed"); + X509_STORE_CTX_free(store_ctx); return NGX_ERROR; } @@ -1118,6 +1119,7 @@ ngx_ssl_ocsp_create_request(ngx_ssl_ocsp_ctx_t *ctx) if (OCSP_request_add0_id(ocsp, id) == NULL) { ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0, "OCSP_request_add0_id() failed"); + OCSP_CERTID_free(id); goto failed; } |