Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nginx/nginx.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIgor Sysoev <igor@sysoev.ru>2008-04-28 12:50:39 +0400
committerIgor Sysoev <igor@sysoev.ru>2008-04-28 12:50:39 +0400
commit58d3821cf08be9cd22e8f366eea4b31cee5d240f (patch)
tree052071211b33666942d460ae7fdcc2698a028343
parentb39b9aa59abd0d42cbe4627325d0864a9138bac7 (diff)
fix memory leak when ssl_verify_client is on
Diffstat
-rw-r--r--src/event/ngx_event_openssl.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 2ce06ca0d..a2304ef27 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -288,7 +288,7 @@ ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
char *subject, *issuer;
int err, depth;
X509 *cert;
- X509_NAME *name;
+ X509_NAME *sname, *iname;
ngx_connection_t *c;
ngx_ssl_conn_t *ssl_conn;
@@ -301,17 +301,25 @@ ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
err = X509_STORE_CTX_get_error(x509_store);
depth = X509_STORE_CTX_get_error_depth(x509_store);
- name = X509_get_subject_name(cert);
- subject = name ? X509_NAME_oneline(name, NULL, 0) : "(none)";
+ sname = X509_get_subject_name(cert);
+ subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)";
- name = X509_get_issuer_name(cert);
- issuer = name ? X509_NAME_oneline(name, NULL, 0) : "(none)";
+ iname = X509_get_issuer_name(cert);
+ issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)";
ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
"verify:%d, error:%d, depth:%d, "
"subject:\"%s\",issuer: \"%s\"",
ok, err, depth, subject, issuer);
+ if (sname) {
+ OPENSSL_free(subject);
+ }
+
+ if (iname) {
+ OPENSSL_free(issuer);
+ }
+
return 1;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 22:57:43 +0300