Hello! On Wed, Apr 01, 2015 at 02:02:37PM +0000, Filipe DA SILVA wrote:
> Hello, > > As I was working on this code, I see these missing calls. Committed with minor changes (see below), thanks. [...] > # HG changeset patch > # User filipe da Silva <[email protected]> Nitpicking: I've capitalized the first letter of the name. > # Date 1427893508 -7200 > # Wed Apr 01 15:05:08 2015 +0200 > # Node ID aef78b6a0e789521c029694bf3f5f4fccfd43c69 > # Parent 173561dfd5675903996975d57deb7a6f912048dc > OCSP stapling: missing free calls. > > Missing call to X509_STORE_CTX_free when X509_STORE_CTX_init call fails. > Missing call to OCSP_CERTID_free when OCSP_request_add0_id call fails. > Possible leak in very particular scenarios of memory shortage. > > diff -r 173561dfd567 -r aef78b6a0e78 src/event/ngx_event_openssl_stapling.c > --- a/src/event/ngx_event_openssl_stapling.c Tue Mar 31 17:45:50 2015 +0300 > +++ b/src/event/ngx_event_openssl_stapling.c Wed Apr 01 15:05:08 2015 +0200 > @@ -310,6 +310,7 @@ ngx_ssl_stapling_issuer(ngx_conf_t *cf, > if (X509_STORE_CTX_init(store_ctx, store, NULL, NULL) == 0) { > ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, > "X509_STORE_CTX_init() failed"); > + X509_STORE_CTX_free(store_ctx); > return NGX_ERROR; > } > > @@ -1118,6 +1119,7 @@ ngx_ssl_ocsp_create_request(ngx_ssl_ocsp > if (OCSP_request_add0_id(ocsp, id) == NULL) { > ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0, > "OCSP_request_add0_id() failed"); > + OCSP_CERTID_free(id); Nitpicking: nginx code uses 4 spaces for indentation, not tabs. Fixed. > goto failed; > } -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
